Today there is much praise for YouTube, MySpace, blogs and all the other democratic digital technologies that are allowing you and me to transform media and commerce. But these infant Internet applications are at risk, thanks to the regulatory implications of "network neutrality." Proponents of this concept -- including Democratic Reps. John Dingell and John Conyers, and Sen. Daniel Inouye, who have ascended to key committee chairs -- are obsessed with divvying up the existing network, but oblivious to the need to build more capacity.

To understand, let's take a step back. In 1999, Yahoo acquired Broadcast.com for $5 billion. Broadcast.com had little revenue, and although its intent was to stream sports and entertainment video to consumers over the Internet, two-thirds of its sales at the time came from hosting corporate video conferences. Yahoo absorbed the start-up -- and little more was heard of Broadcast.com or Yahoo's video ambitions.

Seven years later, Google acquired YouTube for $1.65 billion. Like Broadcast.com, YouTube so far has not enjoyed large revenues. But it is streaming massive amounts of video to all corners of the globe. The difference: Broadcast.com failed because there were almost no broadband connections to homes and businesses. Today, we have hundreds of millions of links world-wide capable of transmitting passable video clips.

Why did that come about? At the Telecosm conference last October, Stanford professor Larry Lessig asserted that the previous federal Internet policy of open access neutrality was the chief enabler of success on the net. "ecause of that neutrality," Mr. Lessig insisted, "the explosion of innovation and the applications and content layer happened. Now . . . the legal basis supporting net neutrality has been erased by the FCC."

In fact, Mr. Lessig has it backward. Broadcast.com failed precisely because the FCC's "neutral" telecom price controls and sharing mandates effectively prohibited investments in broadband networks and crashed thousands of Silicon Valley business plans and dot-com dreams. Hoping to create "competition" out of thin air, the Clinton-Gore FCC forced telecom providers to lease their wires and switches at below-market rates. By guaranteeing a negative rate of return on infrastructure investments, the FCC destroyed incentives to build new broadband networks -- the kind that might have allowed Broadcast.com to flourish.

By 2000, the U.S. had fewer than five million consumer "broadband" links, averaging 500 kilobits per second. Over the past two years, the reverse has been true. As the FCC has relaxed or eliminated regulations, broadband investment and download speeds have surged -- we now enjoy almost 50 million broadband links, averaging some three megabits per second. Internet video succeeded in the form of YouTube. But that "explosion of innovation" at the "applications and content layer" was not feasible without tens of billions of dollars of optics, chips and disks deployed around the world. YouTube at the edge cannot happen without bandwidth in the core.

Messrs. Lessig, Dingell and Conyers, and Google, now want to repeat all the investment-killing mistakes of the late 1990s, in the form of new legislation and FCC regulation to ensure "net neutrality." This ignores the experience of the recent past -- and worse, the needs of the future.

Think of this. Each year the original content on the world's radio, cable and broadcast television channels adds up to about 75 petabytes of data -- or, 10 to the 15th power. If current estimates are correct, the two-year-old YouTube streams that much data in about three months. But a shift to high-definition video clips by YouTube users would flood the Internet with enough data to more than double the traffic of the entire cybersphere. And YouTube is just one company with one application that is itself only in its infancy. Given the growth of video cameras around the world, we could soon produce five exabytes of amateur video annually. Upgrades to high-definition will in time increase that number by another order of magnitude to some 50 exabytes or more, or 10 times the Internet's current yearly traffic.

We will increasingly share these videos with the world. And even if we do not share them, we will back them up at remote data storage facilities. I just began using a service called Mozy that each night at 3 a.m. automatically scans and backs up the gigabytes worth of documents and photos on my PCs. My home computers are now mirrored at a data center in Utah. One way or another, these videos will thus traverse the net at least once, and possibly, in the case of a YouTube hit, hundreds of thousands of times.

There's more. Advances in digital medical imaging will soon slice your brain 1,024 ways with resolution of less than half a millimeter and produce multigigabyte files. A technician puts your anatomy on a DVD and you send your body onto the Internet for analysis by a radiologist in Mumbai. You skip doctor visits, stay home and have him come to you with a remote video diagnosis. Add another 10 exabytes or more of Internet data traffic. Then there's what George Gilder calls the "global sensorium," the coming network of digital surveillance cameras, RFID tags and other sensors, sprawling across every home, highway, hybrid, high-rise, high-school, etc. All this data will be collected, analyzed and transmitted. Oh, and how about video conferencing? Each year we generate some 20 exabytes of data via telephone. As these audio conversations gradually shift to video, putting further severe strains on the network, we could multiply the 20 exabytes by a factor of 100 or more.

Today's networks are not remotely prepared to handle this exaflood.

Wall Street will finance new telco and cable fiber optic projects, but only with some reasonable hope of a profit. And that is what net neutrality could squelch. Google, for example, has guaranteed $900 million in advertising revenue to MySpace and paid Dell $1 billion to install Google search boxes on its computers; YouTube partnered with Verizon Wireless; MySpace signed its own content deal with Cingular. But these kinds of preferential partnerships, where content and conduit are integrated to varying degrees -- and which are ubiquitous in almost every industry -- could be outlawed under net neutrality.

Ironically, the condition that net neutrality seeks to ban -- discrimination or favoritism of content on the Internet -- is only necessary in narrowband networks. When resources are scarce, the highest bidder can exclude the others. But with real broadband networks, capacity is abundant and discrimination unnecessary. Net neutrality's rules, price controls and litigation would prevent broadband networks from being built, limit the amount of available bandwidth and thus encourage the zero-sum discrimination supposedly deplored.

Without many tens of billions of dollars worth of new fiber optic networks, thousands of new business plans in communications, medicine, education, security, remote sensing, computing, the military and every mundane task that could soon move to the Internet will be frustrated. All the innovations on the edge will die. Only an explosion of risky network investment and new network technology can accommodate these millions of ideas.

Mr. Swanson is a senior fellow at the Discovery Institute, and contributing editor at the Gilder Technology Report.

Viacom Tells YouTube: Hands Off NY TimesBy GERALDINE FABRIKANT and SAUL HANSELLPublished: February 3, 2007In a sign of the growing tension between old-line media and the new Internet behemoths, Viacom, the parent company of MTV and Comedy Central, demanded yesterday that YouTube, the video-sharing Web site owned by Google, remove more than 100,000 clips of its programming.

“The Colbert Report” on Comedy Central, a Viacom unit, is popular with young viewers, and clips from it appear frequently on YouTube. Viacom, along with other major media companies, including the News Corporation and NBC Universal, has become increasingly frustrated with YouTube as it has amassed a vast library of copyrighted clips, placed on the site by its users.

While such companies regularly ask YouTube to remove their material, Viacom’s demand, which it disclosed in a statement circulated by e-mail, was the most militant and public move of its kind so far.

As it has with the similar request from other companies, Google removed the Viacom clips from the YouTube site yesterday.

The dispute underscored the tense dance that major media companies are doing with Google, which bought YouTube for $1.65 billion last October. Google hopes to strike deals that will give it the rights to mainstream programming and also wipe away its potential liability for any violations of copyright law by YouTube so far.

Despite intense negotiations in recent months, Google has not been able to announce any such deals with media companies. YouTube is supported by advertising, but in most cases it does not share that revenue with copyright holders.

Viacom is particularly unhappy because so many of its shows, like “The Daily Show With Jon Stewart,” a YouTube favorite, appeal to the young audiences who visit the site.

“We cannot continue to let them profit from our programming,” Philippe P. Dauman, Viacom’s chief executive, said in an interview. Mr. Dauman said that Viacom had been in discussions with Google for months, but that Google kept delaying and did not make what Viacom saw as a serious offer.

David Eun, a vice president for content partnerships at Google, said that his company had been “very serious” about the talks, but that the companies could not agree on financial terms. “We put in a lot of time to figure out what would be a mutually beneficial deal,” he said.

A Viacom spokesman said the company had repeatedly asked YouTube to filter out its programming automatically, but that Google had not responded.

“They choose not to filter out copyrighted content, “ said the spokesman, Carl D. Folta. He added that the company apparently had the technology to filter out pornography and hateful material, which is rarely seen on YouTube.

Chad Hurley, the co-founder and chief executive of YouTube, said the company was still working on its filtering technology. He said it had agreed to use it to identify and possibly remove copyrighted material from Warner Music, and it would discuss a similar arrangement with Viacom as part of a broader deal.

Mr. Folta said he found that stand unacceptable. “They are saying we will only protect your content if you do a deal with us — if not, we will steal it.”

Whether YouTube is stealing content by serving up clips of copyrighted programs is very much up for debate. Like most big Internet companies, Google says it is protected by the Digital Millennium Copyright Act, so long as it removes material whenever a copyright owner requests it.

John G. Palfrey Jr. , the executive director of the Berkman Center for Internet and Society at Harvard Law School, said Google may well be able to use this defense, but “I don’t think the law is entirely clear.” And if Google loses, “the damages could get astronomically high,” he said.

Viacom’s move comes at a time when it and other media companies have contemplated creating a service to rival YouTube. There have been off-again-on-again negotiations among a variety of companies, including the News Corporation, NBC Universal and the Walt Disney Company.

Viacom’s cable networks, meanwhile, are increasingly putting clips from their programs on their own Web sites and selling advertising on them.

In the face of uncertainty, media companies have taken different approaches to YouTube. For the last year, NBC Universal has demanded that the site remove most clips of its material, other than a small set provided by NBC itself. Others, like CBS, have largely allowed their content to remain on YouTube. CBS has struck a deal to provide some clips to YouTube and share in the advertising revenue associated with it.

It was not clear yesterday how Viacom’s demand might affect the rest of the industry and whether other media companies would follow suit.

Andrew Butcher, a spokesman for the News Corporation, which owns the Fox television network and the social networking site MySpace, said his company supported Viacom’s move. “They’ve got every right to protect their content in whatever way they deem appropriate,” Mr. Butcher said. “So far we’ve been dealing with YouTube and others on a case-by-case basis.”

Reports have been circulating in the industry that Google had offered to pay $100 million a year for the use of Viacom’s programming.

Mr. Dauman of Viacom denied there had been a deal on the table. He said Viacom “never had any kind of an agreement with Google that it could say yes to,” adding: “There was not enough to be a detailed offer. They have shown no sense of urgency to enter into an agreement with anyone.”

Some analysts said the removal demand was simply a business tactic on Viacom’s part.

“This is a negotiating strategy to get paid, and I think both sides need a middle ground,” said Michael Nathanson, a media analyst at Sanford C. Bernstein & Company. “Both sides have clear needs in this negotiation. What they are arguing about is price.”

Viacom’s demand was “a risk worth taking,” Mr. Nathanson said. He and others pointed out that the music industry was once afraid to take a similarly aggressive stance when its product appeared on the Napster music-sharing service. “If content is available free and it is tolerated, it erodes your core business,” Mr. Nathanson said.

But others said the move could hurt Viacom if young YouTube users become angry when they upload clips to the site and realize that Viacom is insisting that they be removed. Yesterday, Google tried to position Viacom’s move as hostile toward YouTube users.

“The biggest feeling we have right now is regret that Viacom may miss out on the chance to interact with the YouTube community,” Mr. Eun said.

The effort to integrate old and new media has made some inroads. Just a few months ago, Viacom and Google were cozying up so successfully that Viacom struck a deal to have Google distribute clips from its shows on its Google Video service. The deal included an arrangement for the two companies to share revenue from adjacent advertising. Mr. Dauman characterized that deal yesterday as an “experiment.”

Broadband BreakoutFebruary 16, 2007; Page A14"I love the free market, but the fact is more concentration means less competition, and these markets are less free than they should be. And this Commission is about regulation -- regulators. I always worry a little when I hear regulators shy away from regulation talk."

-- Senator Byron Dorgan (D., North Dakota) addressing members of the Federal Communications Commission at a recent hearing.

If you're wondering where the new Democratic majority in Congress is inclined to steer telecom policy, look no further than Mr. Dorgan's comment above. Note how he pays lip service to free markets while ultimately favoring more regulation for its own sake.

But more regulation is the last thing today's telecom industry needs, at least if empirical evidence is any indication. As FCC Chairman Kevin Martin reported at a Senate hearing earlier this month, the industry is now taking risks in a way it hasn't since the tech bubble burst six years ago.

"In 2006, the S&P 500 telecommunications sector was the strongest performing sector, up 32% over the previous year," said Mr. Martin. "Markets and companies are investing again, job creation in the industry is high, and in almost all cases, vigorous competition -- resulting from free-market deregulatory policies -- has provided the consumer with more, better and cheaper services to choose from."

Much of this growth has been fueled by increased broadband deployment, which makes high-speed Internet services possible. The latest government data show that broadband connections increased by 26% in the first six months of 2006 and by 52% for the full year ending in June 2006.

Also noteworthy, notes telecom analyst Scott Cleland of the Precursor Group, is that of the 11 million broadband additions in the first half of last year, 15% were cable modems, 23% were digital-subscriber lines (DSL) and 58% were of the wireless variety. Between June 2005 and June 2006, wireless broadband subscriptions grew to 11 million from 380,000.

This gives the lie to claims that some sort of cable/DSL duopoly has hampered competition among broadband providers and limited consumer options. That's the charge of those who want "network neutrality" rules that would allow the government to dictate what companies like Verizon and AT&T can charge users of their networks. But the reality is that the telecom industry has taken advantage of this deregulatory environment to provide consumers with more choices at lower prices. Verizon's capital investments since 2000 exceed $100 billion, and such competitors as Cingular, T-Mobile and Sprint are following suit. So are the cable companies.

It's also worth noting that the deregulatory telecom policies pushed by Mr. Martin and his immediate predecessor, Michael Powell, have accompanied a wave of mergers -- SBC/AT&T, Sprint/Nextel, Verizon/MCI, AT&T/BellSouth. Most of these marriages were opposed by consumer groups and other fans of regulation on the grounds that they would lead to fewer choices and higher costs. In fact, these combinations have created economies of scale, and customers are clearly better off.

The result has been more high-speed connections, along with greater economic productivity, but also an array of new services. The popular video-sharing Web site YouTube is barely two years old. And it wouldn't exist today but for the fact that there's enough broadband capacity to allow millions of people to view videos over the Web.

Increased broadband demand has also been good news for Internet hardware companies like Cisco and Juniper, where annual sales are up by nearly 50%. A Journal report this week notes that "North American telecom companies are projected to spend $70 billion on new infrastructure this year," which is up 67% from 2003.

And prices are falling, by the way. Between February 2004 and December 2005, the average monthly cost for home broadband fell nearly 8%. For DSL subscribers, it fell nearly 20%. Which means that consumers are benefiting from new services and different pricing packages, as well as getting better deals.

The one sure way to stop these trends is by bogging down industry players with regulations or price controls that raise the risk that these mammoth investments will never pay off. Yet that seems to be the goal of Senator Dorgan and other Democrats such as Representative Ed Markey, another "Net neutrality" cheerleader, who is planning his own hearings. Consumers will end up paying for such policies in fewer choices and higher prices.

Reverse hacker wins $4.3M in suit against Sandia LabsShawn Carpenter used his own hacking techniques to probe outside breach

February 14, 2007 (Computerworld) -- Shawn Carpenter, a network security analyst at Sandia National Laboratories who was fired in January 2005 for his independent probe of a network security breach at the agency, has been awarded $4.3 million by a New Mexico jury for wrongful termination.

In announcing its decision yesterday, the jury also awarded Carpenter $350,000 for emotional distress and more than $36,000 for lost wages, benefits and other costs.

A spokesman from Sandia expressed "disappointment" with the verdict and said the lab will consider whether to appeal it or not.

The highly publicized case involved Carpenter's investigation of a network break-in at Sandia in 2003.

After initially telling superiors about the incident, Carpenter launched an independent, months-long investigation during which he used hacking techniques of his own to eventually trace the attacks back to a Chinese cyberespionage group. The group, called Titan Rain by federal authorities, was believed responsible for carrying out similar attacks against a large number of U.S. government, military and commercial interests.

Carpenter shared information from his investigation, initially with individuals at the Army Counterintelligence Group and later with the FBI.

When Sandia officials learned of the investigation and of his sharing information with the FBI and other outside agencies, they terminated him for inappropriate use of confidential information that he had gathered in his role as a network security manager for the laboratory.

Yesterday's verdict is a "vindication of his decision to do the right thing and turn over the information he obtained to the proper federal authorities in the interests of national security," said Philip Davis, one of the attorneys who represented Carpenter in his lawsuit.

The verdict highlights "the jury's belief that Shawn Carpenter is a patriot and did what he did to protect the national interest," Davis said. "That was more important than Sandia's own interest in taking care of itself."

The size of the punitive damages at $4.3 million is more than twice of what was sought and sends an "unambiguous message that national security comes first," he said.

Ira Winkler, an independent security consultant and author of Spies Among Us who has also written for Computerworld, said the verdict was "incredibly justified. Frankly, I think people [at Sandia] should go to jail" for ignoring some of the security issues that Carpenter was trying to highlight with his investigation.

After Carpenter's termination, the investigations into the Titan Rain group appear to have gone nowhere, said Winkler, a former National Security Agency analyst. He added that while the Carpenter award is welcome, it would ultimately be paid with taxpayer money.

"This whole thing is costing them nothing," Winkler said. "Whatever legal fees they are running up is just being passed back to the U.S. government," he said.

"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

Download And Burn Movies Available Soon Posted by Zonk on Sunday March 04, @06:15AMfrom the oh-css-is-there-nothing-you-can't-do dept. An anonymous reader writes "According to an article from PC World, a source close to the CSS Managed Recording forum said that technology which allows movies to be downloaded and burned to blank DVDs, using the same content-protection system as commercial discs, received official approval on Thursday. 'The technology will require discs that are slightly different from the conventional DVD-Rs found in shops today. The burned discs will be compatible with the vast majority of consumer DVD players ... Despite Thursday's approval, services that allow consumers to legally download and burn movies in their own homes are unlikely to appear quickly. The DVD CCA said it will be initially restricted to professional uses. These might include kiosks in retail stores where consumers can purchase and burn discs in a controlled environment.'"

Logged

"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

--Storm Virus Showcases Failure of Anti Virus Technology(5 March 2007)By using more than 54,000 slightly different variants, the storm worm Trojan horse successfully used small changes to evade most anti virus products. This is a technique now used by most current and relevant malware. It demonstrates the futility of counting on anti virus software for protection.

When the Storm Worm swept through the Internet in mid-January, the program's writers took a brute force approach to evading antivirus defenses: They created a massive number of slightly different copies of the program and released them all at the same time.

“ Signatures are still needed but the amount of malware that is being produced and the speed with which it changes means that you need a lot of researchers. ”

Alex Shipp, security researcher, MessageLabs On January 18, the day the misnamed program--a Trojan horse, not a worm--first appeared, more than 350 different variants were released, according to report penned by security firm CommTouch Software. Four days later, the number of slightly-different versions jumped to more than 7,300. By the end of January, more than 54,000 variants had hit the Internet, the report (PDF) stated, each one spammed out by computers previously compromised by the program.

"Virus writers' goals have changed," Amir Lev, CEO of CommTouch, said in an e-mail interview with SecurityFocus. "They are doing 'good' business now. They do not focus on finding vulnerabilities in Microsoft and other products, they look for 'vulnerabilities' (in) the AV (antivirus) systems."

The technique is effective. While antivirus program's pattern recognition algorithms, frequently referred to as heuristics, may have stopped a large fraction of the variants, creating signatures to catch all the versions takes time. Response to a new variant--including developing, testing and distributing a signatures--takes hours at a minimum. Responding to thousands can take much longer.

During a January interview, one McAfee researcher underscored the headaches caused by the Storm Worm.

"Every day, it has been a new set of subject lines and new tactics to get people to open these," Allysa Myers, virus research engineer for security software maker McAfee, said in an interview with SecurityFocus. "They have had mass seedings of new variants every day this week."

The program highlights a number of changes in the techniques used by criminal Internet groups. The Storm Worm spreads in fairly large, but controlled, bursts of e-mail through previously compromised computers. Each burst typically sends out a custom variant, trying to infect systems before the user updates their antivirus definitions. The program compromises systems by luring their users into opening the attachments of messages with subject lines regarding current news events, including violent storms in Europe--a characteristic that led to the program's naming.

While some other programs have used a similar tactics, the Storm Worm's focus on propagation through sheer permutation carries the trend to a new level. The technique exploits a weakness, not in the software, but in the system. Analyzing malicious code requires, for the most part, human researchers, and the coders hope to overwhelm the human component long enough to compromise as many systems as needed.

"Signatures are still needed but the amount of malware that is being produced and the speed with which it changes means that you need a lot of researchers," said Alex Shipp, a researcher for e-mail security provider MessageLabs.

Other firms have witnessed the trend first hand. In 2006, antivirus firm Kaspersky Lab added 80,000 virus-pattern records to its product, roughly doubling the number added in 2005, said Eugene Kaspersky, the co-founder and head of research and development for antivirus firm.

"This is a competition where the antivirus companies, I fear, are not in a good position," Kaspersky said.

The Storm Worm is all about creating massive networks of compromised computers that can be controlled by a single group or individual. The networks, known as bot nets, don't need to be large to be useful. A bot net of several thousand computers is more than enough to mount a severe denial-of-service attack or send out a digital deluge of stock spam--common uses for the networks--and, of course, send out more copies of the Trojan horse. (This aspect of the Storm Worm is the subject of the first part of this two-part series.)

"The guys are very aggressive with the variants, and that has defeated the more simplistic AV engines out there," said Jose Nazario, senior security researcher for Arbor Networks.

The Storm Worm is likely responsible for creating a bot net that contains more than 20,000 computers and perhaps as many as 100,000, Nazario said. Other evidence appears to indicate that there is more than one Storm Worm-related bot net.

The spread of the Storm Worm has forced antivirus firms to create better defenses to automatically block such threats, rather than depend on simple heuristics or signatures.

Unlike previous malicious code, such as mass-mailing computer viruses, the Storm Worm is not a program that spreads aggressively on its own. Rather, the Trojan horse awaits orders from a central command post to send out the next round of variants. The control has made the program, if not stealthy, then more difficult to stop. The bursts of new variants make a quick response even more important, and the fact that the variants do not exploit a single vulnerability, but users' trust, make them more difficult to stop.

"Vulnerability-based exploits only require a single, or at most a few, signatures," said Vince Hwang, group product manager for security response at Symantec, the owner of SecurityFocus. "The ones that rely on user interaction are definitely a challenge. It is all social engineering."

Other attacks, known as targeted Trojan horses, exploit a related issue to dodge antivirus defenses. By sending out malicious code to an extremely small number of victims--often fewer than 10 specific individuals--the malicious software attempts to sneak under defenders' radar. Underscoring the less-is-more tactic, programs--such as the Storm Worm and targeted Trojan horses--have not made the monthly top-10 lists of security firms' most pervasive threats. On MessageLabs latest top-10 list, for example, Netsky, MyDoom, and Bagle--viruses that are almost two years old--command six of the 10 slots.

For both variant-heavy threats such as the Storm Worm and sneaky targeted Trojan horses, blocking the threat immediately requires technology that does not need to know about the attack, or its pattern, beforehand. And self-propagation, the hallmark of computer viruses, is no longer an adequate indicator of bad behavior.

"For over a year now, viruses are not viruses," said CommTouch's Lev. "There are no more epidemics. Instead, they (spammers) use bot nets to send spam and then more malware."

Perhaps the most significant technology under development at various antivirus firms is typically referred to as behavior blocking. The technique identifies malicious programs by what actions they take, not by the code that makes them up.

The defense is actually a blast from the past. Antivirus firms and early developers played with the approach more than a decade ago. Gatekeeper for the Mac, created by Chris Johnson in the early 1990s, detected malicious code by noting suspicious actions. Personal firewalls attempt to block malicious programs from communicating out to the Internet.

Several antivirus firms--including Sophos, F-Secure and Grisoft--are building next-generation behavior analysis into their products. The modern technique creates a virtual sandbox for any program run on the system and monitors the behavior of the program until a determination can be made of whether the code is malicious or benign.

"If you are seeing something that is obviously poking its head into things that it shouldn't be, then we can shut it down," said Larry Bridwell, vice president of communications for antivirus firm Grisoft.

Unlike the simple techniques in the past that generally decided whether a program was malicious based on a single action, the latest techniques allow a program to run longer, reducing false alarms.

"What did it take for behavioral analysis to work?" said Bridwell. "Big processors, big memory and big bandwidth. And we didn't have that before."

While viruses make up a smaller portion of threats each year--about 10 percent of what Grisoft sees are viruses, said Bridwell--don't expect the term "antivirus" to go away. Grisoft attempted to sell a product as anti-malware and consumers panned it on the name alone.

"To some analysts, some press and every user, it doesn't matter what the program does, it's antivirus," Bridwell said.

Logged

"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

U.S. networks pumped out the highest percentage of attacks during the second half of last year, with China running a distant second, according to a report released Monday by security firm Symantec.

The U.S. accounted for 31 percent of malicious activity originating from computer networks, while 10 percent came from China and 7 percent from Germany, Symantec said in its Internet Security Threat Report.

The company also found that 51 percent of all known servers used by attackers to buy or sell stolen personal information, such as credit card or bank account numbers, are located in the U.S.

U.S.-based credit cards, with accompanying verification numbers, were found to be selling for $1 to $6 each on these servers. But a more thorough roundup of personal-identification data--including a person's birthdate and banking, credit card and government-issued identification numbers--fetched $14 to $18, the report noted.

Internet thieves increasingly are turning to Trojan-horse software, which can load keylogging software onto unsuspecting victims' computers. The software is able to harvest people's log-in names and passwords to various accounts and can glean other sensitive information people type into their computers.

Trojans accounted for 45 percent of the top 50 malicious code samples collected by Symantec during the second half of last year, up from 23 percent in the previous six months. Symantec noted that that significant jump further reflects a movement away from mass-mailing worms--programs that spread software viruses and clog networks.

Phishing, an attempt by attackers to trick people into revealing personal or financial information, largely occurs during the weekday, the report noted. Many phishing attacks begin with an e-mail that appears to be from a legitimate source but in fact contains a malicious attachment or includes a link to a malicious Web site. During the second half of the year, a daily average of 961 phishing e-mails were sent to people on weekdays; 27 percent fewer phishing messages were sent out on weekends.

Logged

"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

Tip: People Forget, Computers Don't In 2003, the British Government published a report on Iraq's security and intelligence organizations. Then a Cambridge University lecturer discovered that much of the document was copied from three different articles, one written by a graduate student. How did he know? The document contained a listing of the last 10 edits, even showing the names of the people who worked on the file. Hidden data can often be found within Microsoft Office documents particularly Word. Whenever you exchange documents with clients, either convert them to PDF format(WYSIWYG) or else run them through Microsoft's Hidden Data Removal tool.

"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

This was an exclusive operation to test the effects of utilizing the EM-SEC Coating System as a viable solution to enabling the safe and secure operation of wireless networks within the confines of an architectural enclosure. The EM-SEC Coating System used for these tests is a series of water-based shielding products that restrict the passage of airborne RF (Radio Frequency) signals. The EM-SEC Coating was initially developed to aid the U.S. Government and Military in shielding operation centers in order to safeguard mission critical information against threats to national and homeland security. These tests revealed that EM-SEC Coating can now successfully be utilized by corporate and private companies.__________________

In regards to the above post, the Army is beginning or have been changing their views on information warfare for some time now. I attended a briefing and basicly vulnerabilities that are caused by "dumb" mistakes are taken seriously and viewed the same as leaving the door to the arms room open. Information Security is turning into a hotspot.

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------1. Security MythsMyth: I don't have to worry about identity theft because I never buy anything online using my credit card.Truth: Not so, says, the 2006 Identity Fraud Survey Report, released by the Council of Better Business Bureaus and Javelin Strategy & Research.Most personal information compromises--90 percent--take place through traditional offline channels and not via the Internet. Lost or stolen wallets, checkbooks, or credit cards continue to be the primary source of personal information theft (30%). Almost half (47%) of all identity theft is perpetrated by friends, neighbors, in-home employees, family members or relatives--someone known to the victim. Persons 65 years and older have the lowest rate of identity fraud (2.3%). The majority of victims are between the ages of 35 and 44, and within that group, the average amount of the fraud is $9,435 per incident.More information: http://www.bbbonline.org/IDTheft/safetyQuiz.asp

Logged

"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

--Navy Computer Sabotage Draws One-Year Prison Sentence (April 5, 2007) A former government contractor has been sentenced to one year in prison for sabotaging Navy computers after his company's bid for another project was not accepted. Richard F. Sylvestre has pleaded guilty to one count of damaging protected computers; he could have faced up to 10 years in prison. Sylvestre's company at the time, Ares Systems, had a contract to maintain computers for the Navy's 6th Fleet in Naples, Italy. Sylvestre admitted to placing malicious code on the Navy computers. The computers were used to help submarines navigate andavoid collisions with undersea hazards and other submarines. Sylvestrehas also been ordered to pay a fine of US $10,000 and will serve three years probation following his release from prison. He has repaid the Navy US $25,000 for damages.http://content.hamptonroads.com/story.cfm?story=122352&ran=199274[Editor's Note (Northcutt): [Editor's Comment (Northcutt): It is important to memorize a few stories like this one, and share them with others, because most organizations do not give enough attention to the insider threat. It is natural to want to trust your own people. Richard has had access to DoD systems since at least year 2000 as the link below shows, so you have to wonder what else he has done to reduce the security of our nation's computers:http://www.defenselink.mil/contracts/contract.aspx?contractid=1808

Logged

"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

The 10-year war mounted by EU bureaucrats and Europe's communications giants against America's leading wireless technology innovator, Qualcomm, is now reaching a climax. On Monday, Nokia refused to renew licenses on next generation technology following EU ally Broadcom's suit at the International Trade Commission to bar import of cellphones containing Qualcomm chips from factories in Taiwan.

A decade ago, with its single, unifying cellphone standard known as GSM, Europe led the world in mobile communications. But threatened by Qualcomm's CDMA breakthrough, the Europeans launched a ferocious political and PR offensive, hoping to scare off potential customers of the young American firm. The technology was all hype, they said; it "violated the laws of physics."

When Qualcomm proved them wrong and its mobile technology deployed across the U.S. and Korea, Europe went to plan B. They excluded the Americans from the standards process for third-generation, or 3G, technology, battled in the courts, and mandated their "new" system for all of Europe. But in fact, the new European and Japanese standard, called Wideband CDMA, was essentially a copy of the American CDMA system.

We've come a long way. With the new mobile system flourishing -- accommodating many times more voice callers and beating the previous generation in security, dropped calls and data -- everyone finally admitted that the American company had a lock on the fundamental technologies. The Europeans and Japanese licensed the American technology, CDMA and its sibling WCDMA, assuring that it would be the future of wireless mobile communications, an industry now selling a billion handsets a year.

Today, however, with those 3G licenses coming up for renewal and a fourth generation of wireless in sight, Europe is once again pushing the political levers to control the future -- this time with the unwitting assistance of the U.S. government. Although their immediate target is U.S. dominance in cellphone technology, a collateral victim would be the U.S. broadband economy.

Until recently, the obscure International Trade Commission played a minor role in the enforcement of patents. But with a Supreme Court ruling in 2006 making it more difficult for patent holders to win federal court injunctions against violators, complainants can now turn to the ITC. Unfortunately, complainants can also use an intellectual-property dispute as a cover for enmeshing competitors in the protectionist mazes of international trade law.

And that is what's happened to Qualcomm, the titan of U.S. intellectual property in wireless, with close to 5,700 patents on the next generation of cellphones and wireless data systems around the globe. Attempting to upend the San Diego titan's well-earned dominance are Broadcom and its European "Gang of Six" sponsors.

At a recent ITC public hearing, Broadcom CEO Scott MacGregor declared that the U.S. wireless telecom system would function better if it completely capitulated to the European standard. The Broadcom campaign began in May 2001 when it purchased, from an obscure bar-code and RFID company called Intermec, a set of three flimsy patents that they are now attempting to use to block the importation of all Qualcomm wireless data chips incorporating its (Qualcomm's) state-of-the-art data system called EV-DO.

EV-DO chips not only make mobile voice-over-IP possible, but they also allow cellphones to function more like multimedia computers, carrying eight to 10 times more data than previous technology. At the ITC public hearing, Verizon Vice President Richard Lynch noted that without EV-DO, "handsets go back to being voice and text."

Not coincidentally, Qualcomm recently announced an upgrade to EV-DO that permits transmissions at up to 9.3 megabits a second, a broadband service faster than U.S. wireline services and fast enough to permit mobile TV and streaming music with simultaneous voice and VoIP calling.

The Broadcom action is part of a campaign, reaching from Seoul through Brussels and cropping up in courts from New Jersey to California, to bring down Verizon's and Sprint's aggressive expansion programs for their EV-DO networks. The EU has its sights set on Qualcomm: The Eurocrats contend that with 20% of global market share in cell-phone technology, Qualcomm is a monopolist, guilty of the sin of inventing new systems needed for successful mobile Internet data access.

At stake in the litigation is who will control the next two phases of wireless technology -- 3G and 4G. Nokia's action on licenses is part of this coordinated attack.

However, with no commercially available alternatives to the Qualcomm EV-DO chips that Broadcom wants to block, the administrative law judge who considered Broadcom's claims noted that a "significant financial burden" falling on third parties, including handset manufacturers, wireless carriers and consumers, "weighed heavily" against categorical exclusion of cellphones containing the chips, which would take at least two years to replace.

And there's the rub. Wireless has become the largest source of profits for nearly all major telcos; and a paralysis on the wireless front would reverberate throughout the American broadband economy.

Verizon's mobile phones, for example, are about two-and-a-half times more profitable than its wireline phones. For the most recent quarter, Verizon Wireless profits were $804 million, while wireline profits were $393 million. AT&T affirmed the strategic importance of wireless last year when it acquired BellSouth for $67 billion. All analysts agreed AT&T's chief interest in BellSouth was the remaining 40% ownership of Cingular, the nation's largest mobile carrier with 54 million customers. And EV-DO's own strategic importance was manifest in the Sprint-Nextel merger. According to Sprint executive Bill Elliott, the ability to migrate Nextel customers to Sprint's EV-DO network "was one of the key reasons for the $35 billion merger."

In the past, U.S. telcos used wireline phone revenues to fund their wireless expansion; now they use revenues from wireless to fund fiber-to-the-home. It is profit from its wireless network, for example, that allows Verizon to maintain its stock price and attract the capital to sustain its ambitious $23 billion program of fiber deployments expected to reach 18 million households over the next four years. Any major setback at Verizon wireless would thus likely halt Verizon fiber.

Similarly, profits from the Qualcomm-based technology used by Cingular (now AT&T Wireless) for next generation systems will be critical to fund AT&T's ambitious Project Lightspeed broadband rollout.

Broadcom's attempt to close down Qualcomm on the basis of some flimsy patents on power-management techniques seems preposterous. The entire Qualcomm system, going back two decades, depends on an exquisite dance of exhaustively patented automatic gain controls and instant power regulation. But by the magic of injunctive relief at the ITC you can shut down the entire U.S. broadband industry in favor of European rivals.

With nearly all chips made or packaged overseas, the entire U.S. information economy now depends on ersatz "imports" based on designs and innovations that nearly all originate in the U.S. and generate profits here. The bottom line: Foreign governments can manipulate U.S. companies to favor their own industrial policies by pressing protectionist buttons at the ITC, putting much of U.S. broadband, wired and wireless, into sleep mode.

Is it not the ultimate irony that this new ITC authority is based on an obscure provision of that protectionist grim reaper, the disastrous Smoot-Hawley Tariff of 1930? Surely the president and Congress can act to remove this new U.S. vulnerability -- one that springs from laws and regulations based on an obsolete vision of segregated national economies shipping products across the seas in clipper ships in exchange for transfers of gold.

Mr. Gilder is a founder of the Discovery Institute and the Gilder Technology Fund. Both Broadcom and Qualcomm are on his Gilder Technology Report list of favored companies.

--Contract Employee Arrested for Computer Sabotage at CA Power Facility (April 20 & 21, 2007) A California man has been arrested for allegedly interfering with computers at the California Independent System Operator (Cal-ISO) agency, which "controls the state's power transmission lines and runs its energy trading markets." Lonnie Charles Denison's "security access was suspended at the request of his employer based on an employee dispute." The allegation is that when his attempt at a remote cyber intrusion failed, Denison gained physical access to the facility with his card key; apparently not all access had been suspended. Once inside the facility, Denison allegedly broke the glass protecting an emergency power cut-off station and pushed the button, causing much of the data center to shut down. Cal-ISO was unable to access the energy trading market, but the power transmission grid was unaffected.http://www.theregister.co.uk/2007/04/20/terrorists_among_us_flee_flee/print.htmlhttp://www.latimes.com/technology/la-fi-grid21apr21,1,5633750.story?coll=la-headlines-technology[Editor's Note (Skoudis): Here's a great opportunity for us all to emphasize to management the importance of removing access credentials thoroughly from systems at employee termination. It also highlights the need for removing such access from both the physical and computer/network assets. I treasure stories like this, which help us all to illustrate to management the importance of certain critical security actions so we can get the management attention and resources we need to do our jobs right.(Schultz): This is a really scary "lesson learned" that illustrates just how many types of access must be considered when user access is supposed to be revoked. The fact that this incident occurred in the electric power arena is very significant because the convergence problem between logical and physically access security in this arena has been a lingering, serious, and unresolved issue for years. ]

Logged

"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

Im not quite sure if this belongs in here, I thought I would just share it with those who like to tinker with to the creation of video / audio.I like to play with video editing and was thinking about purchasing a MAC for video editing, their product Final Cut Pro www.apple.com/finalcutpro/ is regarded as the best or at least one of the best for video editing. Anyway... long story short in my search of products I found

"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

Sophisticated Internet users have banded together over the last two days to publish and widely distribute a secret code used by the technology and movie industries to prevent piracy of high-definition movies.

The broader distribution of the code may not pose a serious threat to the studios, because it requires some technical expertise and specialized software to use it to defeat the copy protection on Blu-ray and HD DVD discs. But its relentless spread has already become a lesson in mob power on the Internet and the futility of censorship in the digital world.

An online uproar came in response to a series of cease-and-desist letters from lawyers for a group of companies that use the copy protection system, demanding that the code be removed from several Web sites.

Rather than wiping out the code — a string of 32 digits and letters in a specialized counting system — the legal notices sparked its proliferation on Web sites, in chat rooms, inside cleverly doctored digital photographs and on user-submitted news sites like Digg.com.

“It’s a perfect example of how a lawyer’s involvement can turn a little story into a huge story,” said Fred von Lohmann, a staff lawyer at the Electronic Frontier Foundation, a digital rights group. “Now that they started sending threatening letters, the Internet has turned the number into the latest celebrity. It is now guaranteed eternal fame.”

The number is being enshrined in some creative ways. Keith Burgon, a 24-year-old musician in Goldens Bridge, N.Y., grabbed his acoustic guitar on Tuesday and improvised a melody while soulfully singing the code. He posted the song to YouTube, where it was played more than 45,000 times.

“I thought it was a source of comedy that they were trying so futilely to quell the spread of this number,” Mr. Burgon said. “The ironic thing is, because they tried to quiet it down it’s the most famous number on the Internet.”

During his work break on Tuesday, James Bertelson, an engineer in Vancouver, Wash., joined the movement and created a Web page featuring nothing but the number, obscured in an encrypted format that only insiders could appreciate. He then submitted his page to Digg, a news site where users vote on what is important. Despite its sparse offerings, his submission received nearly 5,000 votes and was propelled onto Digg’s main page.

“For most people this is about freedom of speech, and an industry that thinks that just because it has high-priced lawyers it has the final say,” Mr. Bertelson said.

Messages left for those lawyers and the trade organization they represent, the Advanced Access Content System Licensing Administrator, which controls the encryption system known as A.A.C.S., were not answered. In an e-mail message, a representative for the group said only that it “is looking into the matter and has no further comment at this time.”

The organization is backed by technology companies like I.B.M., Intel, Microsoft and Sony and movie studios like Disney and Warner Brothers, which is owned by Time Warner.

The secret code actually stopped being a secret in February, when a hacker ferreted it out of his movie-playing software and posted it on a Web bulletin board. From there it spread through the network of technology news sites and blogs.

Last month, lawyers for the trade group began sending out cease-and-desist letters, claiming that Web pages carrying the code violated its intellectual property rights under the 1998 Digital Millennium Copyright Act. Letters were sent to Google, which runs a blog network at blogspot.com, and the online encyclopedia Wikipedia.

The campaign to remove the number from circulation went largely unnoticed until news of the letters hit Digg. The 25-employee company in San Francisco, acting on the advice of its lawyers, removed posting submissions about the secret number from its database earlier this week, then explained the move to its readers on Tuesday afternoon.

The removals were seen by many Digg users as a capitulation to corporate interests and an assault on free speech. Some also said that the trade group that promotes the HD-DVD format, which uses A.A.C.S. protection, had advertised on a weekly Digg-related video podcast.

On Tuesday afternoon and into the evening, stories about or including the code swamped Digg’s main page, which the company says gets 16 million readers each month. At 9 p.m. West Coast time, the company surrendered to mob sentiment.

“You’d rather see Digg go down fighting than bow down to a bigger company,” wrote Kevin Rose, Digg’s founder, in a blog post. “We hear you, and effective immediately we won’t delete stories or comments containing the code and will deal with whatever the consequences might be.” If Digg loses, he wrote, “at least we died trying.”

Jay Adelson, Digg’s chief executive, said in an interview that the site was disregarding the advice of its lawyers. “We just decided that it is more important to stand by our users,” he said. Regarding the company’s exposure to lawsuits he said, “we are just going to prepare and do our best.”

The conflict spilled over to Wikipedia, where administrators had to restrict editing on some entries to keep contributors from repeatedly posting the code.

The episode recalls earlier acts of online rebellion against the encryption that protects media files from piracy. Some people believe that such systems unfairly limit their freedom to listen to music and watch movies on whatever devices they choose.

In 1999, hackers created a program called DeCSS that broke the software protecting standard DVDs and posted it on the hacker site 2600.com. The Motion Picture Association of America sued, and Judge Lewis A. Kaplan of Federal District Court in Manhattan, citing the 1998 digital copyright act, sided with the movie industry.

The DVD code disappeared from the 2600 site, but nevertheless resurfaced in playful haiku, on T-shirts and even in a movie in which the code scrolled across the screen like the introductory crawl in “Star Wars.”

In both cases, the users who joined the revolt and published the codes may be exposing themselves to legal risk. Chris Sprigman, an associate professor at the University of Virginia School of Law, said that under the digital copyright act, propagating even parts of techniques intended to circumvent copyright was illegal.

However, with thousands of Internet users now impudently breaking the law, Mr. Sprigman said that the entertainment and technology industries would have no realistic way to pursue a legal remedy. “It’s a gigantic can of worms they’ve opened, and now it will be awfully hard to do anything with lawsuits,” he said.

The U.S. Army has ordered soldiers to stop posting to blogs or sending personal e-mail messages, without first clearing the content with a superior officer, Wired News has learned. The directive, issued April 19, is the sharpest restriction on troops' online activities since the start of the Iraq war. And it could mean the end of military blogs, observers say.

Military officials have been wrestling for years with how to handle troops who publish blogs. Officers have weighed the need for wartime discretion against the opportunities for the public to personally connect with some of the most effective advocates for the operations in Afghanistan and Iraq -- the troops themselves. The secret-keepers have generally won the argument, and the once-permissive atmosphere has slowly grown more tightly regulated. Soldier-bloggers have dropped offline as a result.

The new rules (.pdf) obtained by Wired News require a commander be consulted before every blog update.

"This is the final nail in the coffin for combat blogging," said retired paratrooper Matthew Burden, editor of The Blog of War anthology. "No more military bloggers writing about their experiences in the combat zone. This is the best PR the military has -- it's most honest voice out of the war zone. And it's being silenced."

Army Regulation 530--1: Operations Security (OPSEC) (.pdf) restricts more than just blogs, however. Previous editions of the rules asked Army personnel to "consult with their immediate supervisor" before posting a document "that might contain sensitive and/or critical information in a public forum." The new version, in contrast, requires "an OPSEC review prior to publishing" anything -- from "web log (blog) postings" to comments on internet message boards, from resumes to letters home.

Failure to do so, the document adds, could result in a court-martial, or "administrative, disciplinary, contractual, or criminal action."

Despite the absolutist language, the guidelines' author, Major Ray Ceralde, said there is some leeway in enforcement of the rules. "It is not practical to check all communication, especially private communication," he noted in an e-mail. "Some units may require that soldiers register their blog with the unit for identification purposes with occasional spot checks after an initial review. Other units may require a review before every posting."

But with the regulations drawn so tightly, "many commanders will feel like they have no choice but to forbid their soldiers from blogging -- or even using e-mail," said Jeff Nuding, who won the bronze star for his service in Iraq. "If I'm a commander, and think that any slip-up gets me screwed, I'm making it easy: No blogs," added Nuding, writer of the "pro-victory" Dadmanly site. "I think this means the end of my blogging."

Active-duty troops aren't the only ones affected by the new guidelines. Civilians working for the military, Army contractors -- even soldiers' families -- are all subject to the directive as well.

But, while the regulations may apply to a broad swath of people, not everybody affected can actually read them. In a Kafka-esque turn, the guidelines are kept on the military's restricted Army Knowledge Online intranet. Many Army contractors -- and many family members -- don't have access to the site. Even those able to get in are finding their access is blocked to that particular file.

"Even though it is supposedly rewritten to include rules for contractors (i.e., me) I am not allowed to download it," e-mails Perry Jeffries, an Iraq war veteran now working as a contractor to the Armed Services Blood Program.

The U.S. military -- all militaries -- have long been concerned about their personnel inadvertently letting sensitive information out. Troops' mail was read and censored throughout World War II; back home, government posters warned citizens "careless talk kills."

Military blogs, or milblogs, as they're known in service-member circles, only make the potential for mischief worse. On a website, anyone, including foreign intelligence agents, can stop by and look for information.

"All that stuff we used to get around a bar and say to each other -- well, now because we're publishing it in open forums, now it's intel," said milblogger and retired Army officer John Donovan.

Passing on classified data -- real secrets -- is already a serious military crime. The new regulations (and their author) take an unusually expansive view of what kind of unclassified information a foe might find useful. In an article published by the official Army News Service, Maj. Ceralde "described how the Pentagon parking lot had more parked cars than usual on the evening of Jan. 16, 1991, and how pizza parlors noticed a significant increase of pizza to the Pentagon.... These observations are indicators, unclassified information available to all … that Operation Desert Storm (was about to) beg(i)n."

Logged

"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

--Google Research Finds 10 Percent of Web Pages Hold Malware (May 11, 2007) According to research from Google, 10 percent of web pages contain malicious code. Google closely analyzed 4.5 million web pages over the course of a year and found that approximately ten percent, or 450,000, had the capability of installing malware without users' knowledge. An additional 700,000 pages are believed to be infected with code that could harm users' computers. The company says it has "started an effort to identify all web pages in the Internet that could be malicious."Most entice users to visit the dangerous pages through tempting offers, and exploit holes in Microsoft Internet Explorer (IE) to install themselves on users' computers. Google also examined the vectors used by attackers to infect these web pages; most malicious code was located in elements beyond the control of website owners, such as banner advertisements and widgets.

[Editor's Note (Skoudis): This is a very good piece of research, and contributes significantly to our understanding the malware threat better. I recommend that you read it. Also, it shows that today's Internet is a cesspool of malware. Using mainstream browsers with patches that often follow weeks after exploits are in the wild is an increasingly dangerous proposition.]

Logged

"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

Published: June 2, 2007The small but technologically adept nation of Estonia has raised an alarm that should be heard around the wired world. Last month it weathered what some describe as the first real war in cyberspace when its government and much of its commerce nearly shut down for days because of an orchestrated Internet assault.

The assault on Estonia’s virtual society began in April after authorities moved a real bronze statue of a Soviet soldier from a central park in Tallinn to a military graveyard farther from the center of the city. For many Estonians, the statue was another reminder of Soviet invaders who took over their homes at Stalin’s orders. But Russians and Estonians of Russian descent immediately took to the streets to protest. The statue’s move was, for them, a sign of disrespect for Soviets who battled the Nazis in World War II.

The rioting and looting in Tallinn turned out to be nothing compared to what began happening to Estonia’s computers. Waves of unwanted data quickly clogged the Web sites of the government, businesses and several newspapers, shutting down one branch of their computer network after another. One minister described it as a kind of electronic blockade, like having the nation’s ports all shut to the sea. Estonian authorities charged that the data flood came on orders from the Kremlin. President Vladimir Putin’s government has denied any involvement.

In recent years, governments, businesses and individuals have focused on ways to keep hackers or destructive viruses from stealing or destroying sensitive information. But Estonia should put the computer-dependent world on full notice that there can be many offensive forms of information warfare and figuring out how to stop it — and ultimately who is behind it — is essential to all of our security.

June 8, 2007 —Hotspots. GPS. Internet-enabled phones. The world is going wireless. And a group of researchers are extending the concept to the car, turning automobiles into network nodes that can receive and send signals to others nearby.

As car after car enters the mobile network (some eventually drop out of range), drivers can download multimedia — including movies, images and songs — or get real-time information about traffic.

"Say you are driving and a car that is three miles in front of you spots an icy spot on the road. It can trigger back a signal saying, 'Look, there is an icy road,'" said Giovanni Pau, research scientist at the University of California's Network Research Lab in Los Angeles, which is led by Mario Gerla.

"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

A horror movie come to lifeThree Fircrest families receive death threats via cell phone. Even when the phones are off. Even when they get new phones.

SEAN ROBINSON; The News Tribune Published: June 20th, 2007 06:15 AM

Enlarge image Alison Yin/The News TribuneHeather Kuykendall and her daughter, Courtney, 16, display the cell phones they’ve abandoned in an attempt to cut off a stream of threatening messages from mysterious harassers. Courtney started receiving the calls in February. Other families have gotten them, too. Investigators suspect it’s an elaborate hoax.

Maybe it’s just a long-running prank, but the reign of terror endured by three Fircrest families buries the needle on the creepy meter. For four months, the Kuykendalls, the Prices and the McKays say, they’ve been harassed and threatened by mysterious cell phone stalkers who track their every move and occasionally lurk by their homes late at night, screaming and banging on walls.

Police can’t seem to stop them. The late-night visitors vanish before officers arrive. The families say investigators have a hard time believing the stalkers can control cell phones without touching them and suspect an elaborate hoax. Complaints to their phone companies do no good – the families say they’ve been told what the stalkers are doing is impossible.

Price and Kuykendall have given the callers a name: “Restricted.” That’s the word that shows up on their caller ID windows: on the land lines at home, and on every one of their cell phones.

Their messages, left at all hours, threaten death – to the families, their children and their pets.

“They tell us that they see us,” Kuykendall said Tuesday. “They tell us that they know everything we’re doing.”

It’s gotten so bad the sisters’ parents have offered a $1,000 reward to anyone who identifies the culprits.

The stalkers know what the family is eating, when adults leave the house, when they go to baseball games. They know the color of shirt Courtney Kuykendall, 16, is wearing. When Heather Kuykendall recently installed a new lock on the door of the house, she got a voice mail. During an interview with The News Tribune on Tuesday, she played the recording.

The stalkers taunted her, telling her they knew the code. In another message, they threatened shootings at the schools Kuykendall’s children attend.

Somehow, the callers have gained control of the family cell phones, Price and Kuykendall say. Messages received by the sisters include snatches of conversation overheard on cell-phone mikes, replayed and transmitted via voice mail. Phone records show many of the messages coming from Courtney’s phone, even when she’s not using it – even when it’s turned off.

Price and Kuykendall say the stalkers knew when they visited Fircrest police and sent a voice-mail message that included a portion of their conversation with a detective.

The harassment seems to center on Courtney, but it extends to her parents, her aunt Darcy and Courtney’s friends, including Taylor McKay, who lives across the street in Fircrest. Her mother, Andrea McKay, has received messages similar to those left at the Kuykendall household and cell phone bills approaching $1,000 for one month. She described one recent call: She was slicing limes in the kitchen. The stalkers left a message, saying they preferred lemons.

“Taylor and Courtney seem to be the hub of the harassment, and different people have branched off from there,” Andrea McKay said. “I don’t know how they’re doing it. They were able to get Taylor’s phone number through Courtney’s phone, and every contact was exposed.”

McKay, a teacher in the Peninsula School District, said she and Taylor recently explained the threats to the principal at Gig Harbor High School, which Taylor attends. A Gig Harbor police officer sat in on the conversation, she said.

While the four people talked, Taylor’s and Andrea’s phones, which were switched off, sat on a table. While mother and daughter spoke, Taylor’s phone switched on and sent a text message to her mother’s phone, Andrea said.

The Kuykendalls and Prices report similar experiences. Richard Price, Darcy’s husband, is a 26-year military officer, assigned to McChord Air Force Base. On a recent trip to the base, the stalkers sent him a message.

“McChord needs us,” the voice said.

Mari Manley, 16, one of Courtney’s close friends, is another victim of the harassment. She tried to avoid the calls by ignoring her phone. Late one night, she heard the phone making an unfamiliar noise. Her ringtone had changed.

“Answer your phone,” a guttural voice said. Manley saved the ringtone, and played it during an interview Tuesday.

The families and their friends have adopted a new routine: They block the cameras on their phones with tape. They take out the batteries to stop the calls. The Prices and Kuykendalls returned all their corrupted phones to their wireless company and replaced them with new ones. The threatening messages kept coming.

Fircrest Police Chief John Cheesman is familiar with the case and knows the families. His department is working the case with the Tacoma Police Department and the Pierce County Sheriff’s Office, he said. The agencies filed a search warrant for the phone records, but they didn’t reveal much. Many of the calls and text messages trace back to Courtney’s phone, which the family believes has been electronically hijacked.

Cell phone technology allows remote monitoring of calls, according to the U.S. Department of Commerce. Known as a “roving bug,” it works whether a phone is on or off. FBI agents tracking organized crime have used it to monitor meetings among mobsters. Global positioning systems, installed in many cell phones, also make it possible to pinpoint a phone’s location within a few feet.

According to James M. Atkinson, a Massachusetts-based expert in counterintelligence who has advised the U.S. Congress on security issues, it’s not that hard to take remote control of a wireless phone. “You do not have to have a strong technical background for someone to do this,” he said Tuesday. “They probably have a technically gifted kid who probably is in their neighborhood.”

Courtney Kuykendall says she has no idea who the stalkers are, though she knows police are suspicious. She believes someone followed her at school – a man in a hooded sweatshirt with a beard.

“Why would I do that?” Courtney said. “Why would I do that to people I care about? Why would I harass my own family?”

Logged

"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

They've Got Your Number … … your text messages and address book, and a way to bug your calls. Why spam, scams, and viruses are coming soon to a phone near you.

It's a beautiful afternoon in Shepherd's Bush, a bustling neighborhood on the outskirts of London, and Adam Laurie is feeling peckish. Heading out of the office, he's about to pick up more than a sandwich. As he walks, he'll be probing every cell phone that comes within range of a hidden antenna he has connected to the laptop in his bag. We stroll past a park near the Tube station, then wander into a supermarket. Laurie contemplates which sort of crisps to buy while his laptop quietly scans the 2.4-GHz frequency range used by Bluetooth devices, probing the cell phones nestled in other shoppers' pockets and purses.

Laurie, 42, the CSO of boutique security firm the Bunker, isn't going to mess with anyone's phone, although he could: With just a few tweaks to the scanning program his computer is running, Laurie could be crashing cell phones all around him, cutting a little swath of telecommunications destruction down the deli aisle. But today Laurie is just gathering data. We are counting how many phones he can hack using Bluetooth, a wireless protocol for syncing cell phones with headsets, computers, and other devices.

We review the results of the expedition in a nearby pub. In the 17 minutes we wandered around, Laurie's computer picked up signals from 39 phones. He peers at his monitor for a while. "It takes only 15 seconds to suck down somebody's address book, so we could have had a lot of those," he says at last. "And at least five of these phones were vulnerable to an attack."

The "attack" Laurie mentions so casually could mean almost anything - a person using another person's cell to make long distance calls or changing every phone number in his address book or even bugging his conversations. There are, he says, "a whole range of new powers" available to the intrepid phone marauder, including nasty viral attacks. A benign Bluetooth worm has already been discovered circulating in Singapore, and Laurie thinks future variants could be something really scary. Especially vulnerable are Europeans who use their mobile phone to make micropayments - small purchases that show up as charges on cell phone bills. A malicious virus maker bent on a get-rich-quick scheme could take advantage of this feature by issuing "reverse SMS" orders.

Bluetooth security has become a pressing issue in Europe, where the technology is ubiquitous. The problem will migrate to American shores as the protocol catches on here, too. But in the long run, Bluetooth vulnerabilities are manageable: Handset manufacturers can rewrite faulty implementations, and cell phone users will learn to be more careful. A far bigger security nightmare for the US is Internet telephony, which is fast being adopted for large corporations and is available to consumers through many broadband providers. Voice over IP is, by design, hacker-friendly. No enterprising criminals have dreamed up a million-dollar scam exploiting VoIP technology yet. But when they do, it likely won't be something a simple patch can fix.

Bluetooth hacking is technically very different from VoIP hacking, but they're both surging for the same basic reason. Increasingly, telephones have become indistinguishable from computers, which makes them more useful, but also more vulnerable. VoIP, which routes calls over the Internet, gives users the power to port their phone number anywhere, package voice messages into MP3s and receive them as emails, and make cheap international calls. Yet VoIP, like Bluetooth, exposes your telephone to the same ills that regularly befall a desktop box - worms, spam, crashes.

"It's not like we've fixed the vulnerabilities on computers," says security expert Bruce Schneier, author of Secrets and Lies: Digital Security in a Networked World. "The phone network used to get its security from being closed, but VoIP phones will be just as bad as computers."

Many of today's hacks work because the traditional phone system was built on the premise that only large, monopolistic phone companies would be using it, and they would all play by the same rules. But the network isn't the telcos' private sandbox anymore; it can be manipulated and controlled by anybody who understands basic computer networking. The people who know this best are a new generation of phone hackers - aka phreakers - who aren't interested in following the rules. They're busy ripping apart the latest phones to discover what can make them turn against their owners. As the phone companies and handset makers lumber along, we can only hope that the phreaks in white hats figure out some fixes before the blackhats move in for the kill.

Laurie, whose laptop is now packed with information from vulnerable cell phones in the Shepherd's Bush, has become infamous in Britain for conducting a similar experiment in the House of Parliament, where he had the opportunity (which he didn't take) to copy the address books and calendars of several prominent politicians. That excursion resulted in a mandate that all Bluetooth devices be turned off in the House of Parliament.

As the inventor of "bluesnarfing," a hack that uses Bluetooth to peek at data stored on cell phones, Laurie is dedicated to publicizing the danger of a wide-open Bluetooth connection. A bluesnarf attack can identify an unprotected phone and copy its entire address book, calendar, photos, and any other information that happens to be inside. Using a bluesnarf program, a phreak can also crash any phone within range by using Bluetooth to broadcast what Laurie calls "a corrupted message."

Bluesnarf was born after Laurie scrutinized the code running some Bluetooth headsets his staff was using. He wasn't happy with what he found. "Gaping security holes," he says with a frown. Rebuffed by the cell phone companies to which he reported the problems, he conceived of bluesnarf as a publicity stunt, a tool that would dramatize the danger of owning these phones.

Compounding Bluetooth's technical vulnerabilities are problems with the way people use it. Most folks leave Bluetooth on all the time, often because they don't bother to learn how to turn it off. Even tech-savvy types tend to keep their connections open. "People have heard about 'toothing,' where strangers send each other flirtatious messages via Bluetooth," he says. Hoping to get toothed, they risk an entirely different kind of penetration.

The risk doesn't end with snarfing. Another way to use Bluetooth to hijack a phone completely is bluebugging, and Laurie gives me a quick demo. He runs the bluebug software on his laptop, and it quickly locates an Ericsson t610 phone he's set on the table between us (not all phones can be bluebugged, but this model can). His computer connects to the phone and takes it over, remotely. Tapping the keyboard, Laurie sends the t610 a command to ring up the phone on his belt. It bleeps. He answers. We've got a bluebug.

Invented by Austrian researcher Martin Herfurt earlier this year, bluebugging is the perfect weapon for corporate spies. Let's say you and I are competing for a big contract with an oil company. I want to hear everything that happens in your meeting with the VP of Massive Oil Inc., so I hire a blackhat phreak to take over your cell phone. Once he's bluebugged it, I tell him to have your mobile call mine. The phone that's sitting in your jacket pocket is now picking up everything you and the VP say during your conversation, and I can hear the prices you're quoting as clear as a bell on my own phone. "A cell phone is the ultimate well-engineered bugging device," Laurie says.

Unlike bluesnarfers, who need only some gear and know-how, the bluebugger first has to get your cell phone to pair with his computer, establishing a "trusted" data link. Laurie explains one crafty way to make this happen. "You just say, 'Gee, that's a cool phone, can I see it?'Punch a few buttons to establish the pairing, and hand it back." As soon as the pairing is complete, the bluebugger can commandeer every aspect of the phone. He can initiate calls, send SMS messages, even overwrite the address book and contacts list.

Laurie's revelation is disturbing, but the fact that phreakers need to approach and interact with their intended targets significantly cuts down on the number of victims. Yet British security consultant Ollie Whitehouse, whose Bluetooth-hunting program Redfang has made him a celebrity among phreakers, describes another a way to bluebug - a method that doesn't demand the eavesdropper come into physical contact with the target's phone. In this case, the trick is to sniff the data traffic traveling to and from a Bluetooth phone when it's pairing with another device, like a headset. Armed with this information, an attacker can bluebug the phone by pretending to be the trusted device with which it regularly networks.

Cell phone companies argue that bluesnarfing and bluebugging are minor threats because Bluetooth is designed to work only over short distances, 20 feet or less, requiring attackers to be close to their targets.

Enter the Bluetooth sniper rifle. Made from $200 worth of off-the-shelf parts, the sniper is a Bluetooth antenna optimized for long-distance use. It can send and receive faint signals at more than a thousand yards. With the sniper - or a wireless weapon like it - bluesnarfers and bluebuggers no longer have to be in the same room as their targets. "By smashing any notion that distance is an issue," says 24-year-old inventor Jon Hering, a student at the University of Southern California, "we showed that bluebugging is a real-world threat."

Surely the phone companies must be doing something to protect us from all this. Keith Nowak, a spokesperson at Nokia, suggests "just turning off Bluetooth - or switching into hidden mode."

Whitehouse laughs at that advice. Redfang, his signature phreak tool, is specifically designed to find Bluetooth devices in hidden mode. And given that so few people actually do turn off Bluetooth, their phones are susceptible to countless hacks - ones that Hering's sniper rifle could launch from half a mile away.

The Default Radio boys, rock stars in the phreak underground, are onstage at DefCon, the venerable hacker conference that's sort of a cross between the Ozzfest mosh pit and an after-hours party for NSA agents. Wearing baseball caps, T-shirts, and baggy jeans, the boys are doing a live version of their phreak-friendly streaming-audio talk show. The long table in front of them is covered with telephone equipment and computers.

A Defaulter using the nom de phreak Lucky225 steps up to the mike. With a phone tucked between his ear and shoulder and the keyboard under his fingers, he looks like a cross between a DJ and a telephone line repairman.

Lucky regales the audience with a tale about his favorite VoIP hack: He can make a VoIP phone display whatever caller ID number he chooses. To prove his point, he tells us he can impersonate "Jenny," the girl from the pop song by Tommy Tutone.

Earsplitting static issues from the speakers, and suddenly we hear a thunderous dial tone. Lucky has routed his VoIP phone through the sound system. He dials MCI's caller ID readback line, a service that identifies whatever number you're calling from. A robotic voice slowly intones Lucky's number: "eight-six-seven-five" - the crowd erupts, screams of laughter mingling with groans - "three-zero-nine."

Having demonstrated his power over caller ID, Lucky proceeds to tell the phreak-packed auditorium how he spoofed the number. Turns out the whole thing is a social hack. A few days before, he called his service provider, Vonage, and told them he wanted to port all his cell phone calls to the Internet phone connected to his computer. His cell number is 867 5309, he lied, and Vonage believed him. Now it's rerouting all calls made to Jenny on the Vonage network to Lucky.

Naturally, Vonage also set the caller ID on Lucky's VoIP phone to Jenny's number - so any time he dials out, it looks like he's calling from 867 5309. A lot of systems depend on receiving accurate caller ID - credit card-activation lines, voicemail systems, even 911. So being able to control what a called party sees after you dial can be a potent weapon. Armed with your caller ID, an identity thief could order a new ATM card, activate it over the phone, and use it to empty your bank account. And, given that many voicemail boxes will play their contents to any phone with the right caller ID, you could be opening up your private life to anyone with a Vonage phone.

After the show, I ask Lucky why he got into the phreak scene. "Well," Lucky deadpans, sketching out plans for a network of cans and rubber bands, "I wanted to start this elastic-based phone system " He's a prankster, but with a purpose - to make clear to the public that VoIP is a privacy nightmare. "Yup," he concludes, still pondering voice over elastic, "I think this tin can shit is really going to take off."

Steve Wozniak, the Apple computer pioneer whose phreak days began in the 1970s, says pranks are what it's all about. "Those of us who have the phreaker mentality see playing with the world as fun, but in these times it's hard for people to see us as harmless."

Maybe so, but Vonage doesn't seem too concerned. When I contact the company later to find out whether they know about Lucky's caller ID trick and what they are doing to stop it, executive VP Louis Holder admits they're not doing anything. "We allow people to do what he did," Holder says. "We give people a temporary phone number before we verify it with the phone company, and verification takes a couple of weeks. Somebody could pick the White House number and pretend to be the president."

Today's phreaks have the power to crash the phone system - but they also have the power to rebuild it. Lucky's joke about creating his own network out of tin cans and rubber bands isn't that far from the truth. Slestak, Da Beave, and GiD are the crew behind Florida-based Telephreak.org, a free VoIP service that they've built to run on a roll-your-own, open source private branch exchange (PBX) system called Asterisk.

Typically used by businesses, a PBX consists of computers that route calls between what amounts to a phone intranet and the public telephone system. A company using a PBX might pay for 100 lines that service 500 employees, linking callers to the outside world, voicemail, or conferences by dynamically connecting phone calls using whichever landlines are open. In the past, all these connections would be managed by the phone company or a proprietary, closed black box in the server room. But with Asterisk, there's no need for the phone company to manage your lines anymore. You can do it yourself.

The Telephreak crew has created its own private phone company for themselves and their friends - one that never sends a bill. Dial an access line to check voicemail, create conference calls, forward calls to other phones, even get a new number. And never pay a cent.

Currently, there are several hundred voicemail accounts, and the system can handle a hundred simultaneous calls. Although the Telephreak crew has to pay for connectivity to Ma Bell, the amount is so negligible that they're willing to eat the money. It's a small price to pay for freedom.

I'm talking to them on a Telephreak conference call, and the sound is a little fuzzy. Beave, identifiable by his slight southern twang, tells me he's working on ironing out the bugs. It's a little strange to know someone is manipulating your phone connection while talking to you. Suddenly, the sound is perfect. We've been rerouted. Slestak's voice comes in loud and clear: "My connection to you guys right now is going across a cordless phone with a box to the server, then to Telephreak. My dial tone is coming from the West Coast."

One of the best things about building your own PBX is that you can do what Slestak calls "chemistry experiments" with the phone system. Some PBX phreakers, like Telediablo, even provide a caller ID spoofing service: With it, there's no need to lie to Vonage - you simply call up Telediablo's PBX, plug in the number you want to use as your caller ID, then dial the party you want to trick. When I try out his little hack, I pick the number 666 6666. Next, I key in a nearby friend's number. It rings. My friend shows me his caller ID window: Now I feel like a phreak. Instead of displaying my number, his phone is displaying the devil's digits.

There are other PBX tricks - like caller ID unmasking, which can sometimes reveal the actual phone number of a caller, regardless of whether they've paid to have their number blocked. So if you think you're anonymous on the telephone system, think again.

Probably the most unsettling discovery made by whitehat phreakers is that VoIP providers and wireless companies are willing to peddle phones and services that they know perfectly well are vulnerable to all kinds of attacks. After several months of bad publicity in the UK, where Laurie and Whitehouse are based, the cell phone companies are responding. Nokia and Sony Ericsson have issued patches, and Motorola says that its security flaws have been fixed in the newer models. And upstart VoIP provider Skype is marketing built-in encryption. Meanwhile, the Bluetooth Consortium - a group of industry leaders, including Nokia and Sony Ericsson, whose products incorporate Bluetooth - focused explicitly on security at its UnPlugFest in Germany last month. At the meeting, security experts (including Laurie) rated each company's phones in terms of their resistance to common attacks. Still, nobody is tracking bluesnarf or bluebug attacks to measure the extent of the problem - nobody but the whitehat phreaks themselves.

Whitehouse has written a program he calls Sweet Tooth that can detect the signature radio signals sent by bluesnarfers. Modeled on honeypot programs that law enforcement and security analysts use to detect hackers on the Internet, Sweet Tooth could provide accurate statistics on how prevalent bluesnarf attacks really are. The program is ready for action, says Whitehouse. The question now is whether law enforcement and the phone companies will actually deploy it, however. Ignoring the problem is not going to make it better - especially because phone hacking is only going to get easier.

Bluetooth phreaking is just the beginning. The holes will get patched, but the problem won't go away, because all the tools that hackers have spent decades developing will now be repurposed to hijack your phone. Next-generation handsets will have three entry points for the blackhats: If a snarfer can't suck down your data with Bluetooth, he'll try your Wi-Fi port, and if that doesn't work, infrared.

"I guess that's the price you pay for convergence," Whitehouse says.

The Great Cell Phone Robbery

How security flaws in today's mobile phones could add up to tomorrow's perfect crime.

Step 1: ApproachA virus-spreader enters Heathrow Airport toting a briefcase with a laptop and an external antenna. The rig can sniff Bluetooth signals from up to 20 feet away - and with just a bit of hacking, it can be modified to send and receive signals over much greater distances.

Step 2: DiscoverUsing a program like bluesnarf, the laptop automatically finds Bluetooth phones with firmware vulnerable to remote takeover. This process is completed in less than 15 seconds.

Step 3: Take overThe laptop sends a program to all the vulnerable phones. Disguised as a game or a marketing promotion, the program is really a Trojan horse hiding a nasty virus. Once the user launches it, the virus hijacks the phone's operating system, taking over basic functions like dialing and messaging.

Step 4: PropagateThe target phone is now infected, and it reacts by broadcasting the virus to other vulnerable Bluetooth phones within 20 feet. Within minutes, thousands of phones can be infected.

Step 5: StealCommandeering the phones' SMS system, the virus uses a popular European micropayment system called reverse SMS to transfer 10 euros from each phone to a temporary account in Estonia. The virus requests the transfer and stays in control until it can confirm the order. The account is closed long before any user sees the charge reflected on the monthly bill.

Annalee Newitz (annalee@techsploitation.com), a policy analyst at the Electronic Frontier Foundation, wrote about dating optimizers in issue 12.06.

American consumers are poised to reap a windfall of benefits from a new wave of broadband deployment. But you would never know it by the rhetoric of those who would have us believe that the nation is falling behind, indeed in free fall.

Looming over the horizon are heavy-handed government mandates setting arbitrary standards, speeds and build-out requirements that could favor some technologies over others, raise prices and degrade service. This would be a mistaken road to take -- although it would hardly be the first time in history that alarmists have ignored cold, hard facts in pursuit of bad policy.

Exhibit A for the alarmists are statistics from the Organization for Economic Cooperation and Development. The OECD says the U.S. has dropped from 12th in the world in broadband subscribers per 100 residents to 15th.

The OECD's methodology is seriously flawed, however. According to an analysis by the Phoenix Center, if all OECD countries including the U.S. enjoyed 100% broadband penetration -- with all homes and businesses being connected -- our rank would fall to 20th. The U.S. would be deemed a relative failure because the OECD methodology measures broadband connections per capita, putting countries with larger household sizes at a statistical disadvantage.

The OECD also overlooks that the U.S. is the largest broadband market in the world, with over 65 million subscribers -- more than twice the number of America's closest competitor. We got there because of our superior household adoption rates. According to several recent surveys, the average percentage of U.S. households taking broadband is about 42%; the EU average is 23%.

Furthermore, the OECD does not weigh a country's geographic size relative to its population density, which matters because more consumers may live farther from the pipes. Only one country above the U.S. on the OECD list (Canada) stretches from one end of a continent to another like we do. Only one country above us on this list is at least 75% rural, like the U.S. In fact, 13 of the 14 countries that the OECD ranks higher are significantly smaller than the U.S.

And if we compare many of our states individually with some countries that are allegedly beating us in the broadband race, we are actually winning. Forty-three American states have a higher household broadband adoption rate than all but five EU countries. Even large rural western states such as Montana, Wyoming, Colorado and both Dakotas exhibit much stronger household broadband adoption rates than France or Britain. Even if we use the OECD's flawed methodology, New Jersey has a higher penetration rate than fourth-ranked Korea. Alaska is more broadband-saturated than France.

The OECD conclusions really unravel when we look at wireless services, especially Wi-Fi. One-third of the world's Wi-Fi hot spots are in the U.S., but Wi-Fi is not included in the OECD study unless it is used in a so-called "fixed wireless" setting. I can't recall ever seeing any fixed wireless users cemented into a coffee shop, airport or college campus. Most American Wi-Fi users do so with personal portable devices. It is difficult to determine how many wireless broadband users are online at any given moment, since they may not qualify as "subscribers" to anyone's service.

In short, the OECD data do not include all of the ways Americans can make high-speed connections to the Internet, therefore omitting millions of American broadband users. Europe, with its more regulatory approach, may actually end up being the laggard because of latent weaknesses in its broadband market. It lacks adequate competition among alternative broadband platforms to spur the faster speeds that consumers and an ever-expanding Internet will require.

Europe also suffers from a dearth of robust competition from cable modem and fiber. Cable penetration is only about 21% of households. In the U.S., cable is available to 94% of all households. Also, the U.S. is home to the world's fastest fiber-to-home market, with a 99% annual growth rate in subscribers compared with a relatively anemic 13% growth rate in Europe.

In fact, the European Competitive Telecommunications Association reported last fall that Europe is experiencing a significant slowdown in the annual growth rate of broadband subscriptions, falling to 14% from 23% annual growth. Growth stalled in a number of countries, including Denmark and Belgium (4% in each country). And France -- a relative star -- exhibited just 10% growth. Yet all of these nations are "ahead" of us on the much-talked-about OECD chart.

Here in the U.S., the country that is allegedly "falling behind," broadband adoption is accelerating. Government studies confirm that America's broadband growth rate has jumped from 32% per year to 52%. With new numbers expected shortly, we anticipate a continued positive trend. Criticisms of our definition of "broadband" being too lax are already irrelevant as over 50 million subscribers are in the 1.5 to 3.0 megabits-per-second "fast lane."

Our flexible and deregulatory broadband policies provide opportunities for American entrepreneurs to construct new delivery platforms enabling them to pull ahead of our international competitors. For instance, newly auctioned spectrum for advanced wireless services will spark unparalleled growth and innovation.

Soon, we will auction even more spectrum in the broadcast TV bands to spur more broadband competition. In addition, we are in the midst of testing powerful new technologies to use in spectrum located in the "white spaces" between broadcast TV channels.

This is all wonderful news for our future. In a competitive market, consumer demand compels businesses to innovate. History has proven that, just when we think we are going to "run out" of spectrum, some brilliant entrepreneur finds a way to use the airwaves more efficiently.

By some estimates, since Marconi's first radio transmission 110 years ago spectrum capacity has doubled every two and a half years, while the cost of delivering information over wireless platforms has dropped by half every 42 months.

When the Internet was just used for email and static websites, dial-up services satisfied consumer demand. But when Napster came along, we saw a huge spike in cable modem and DSL take-up rates -- necessary tools in the art of stealing music. (Please obtain your music legally!)

Today, video applications are tugging hard on America's broadband infrastructure. YouTube alone uses as much bandwidth today as the entire Internet did in 2000. Not surprisingly, our broadband adoption rate continues to increase concurrently with the proliferation of this latest "killer app."

Consumers don't buy fat pipes for their own sake; they buy applications and content that require fat pipes. As consumer demand for more bandwidth-intensive applications and content increases, so does the incentive for network owners to provide more bandwidth. While America is on the right track, we can and will do more. We are creating more competition through the construction of new delivery platforms. We are clearing away unnecessary regulatory underbrush that may inhibit investment needed to fund more competition. We are also creating an atmosphere of regulatory certainty and parity.

When it comes to broadband policy, let's put aside flawed studies and rankings, and reject the road of regulatory stagnation. In the next few years, we will witness a tremendous explosion of entrepreneurial brilliance in the broadband market, if the government doesn't micromanage. Belief in entrepreneurs and a light regulatory touch is the right broadband policy for America.

Mr. McDowell is a commissioner on the Federal Communications Commission

-iPhone Vulnerability Lets Attackers Take Control (July 23, 207) A trio of individuals has contacted Apple Computer regarding a flaw they discovered in the iPhone that could be exploited to take control of the device. The three recommended a patch for the flaw and noted that the phone has strong security measures, but "once [they] managed to find a hole, [they] were in complete control." One of the three plans to present additional information about the vulnerability at a conference at the beginning of August. Once in control, attackers could use the phone to make calls, access data on the phone, or even use it as a bugging device. The flaw can be exploited through malicious sites or a man-in-the-middle attack; users need to be tricked into accessing a malicious wireless access point. The three also observed that "all processes of interest run with administrative privileges. This implies that a compromise of any application gives an attacker full access to the device."http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=1&oref=slogin&pagewanted=printhttp://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9027560&source=rss_topic17[Editor's Note (Pescatore): This may not sound like an enterprise worry, but it is pretty easy to connect the iPhone to corporate email systems.You know that it will creep into use by your employees regardless of policy that says "Don't." Like all immature software, more vulnerabilities will continue to be found - Apple needs to provide enterprise support features so that vulnerability management and data protection can be extended to the iPhone.]

Army Reports Brass, Not Bloggers, Breach SecurityBy Noah Shachtman 08.17.07 | 2:00 AM For years, the military has been warning that soldiers' blogs could pose a security threat by leaking sensitive wartime information. But a series of online audits, conducted by the Army, suggests that official Defense Department websites post material far more potentially harmful than anything found on a individual's blog.

The audits, performed by the Army Web Risk Assessment Cell between January 2006 and January 2007, found at least 1,813 violations of operational security policy on 878 official military websites. In contrast, the 10-man, Manassas, Virginia, unit discovered 28 breaches, at most, on 594 individual blogs during the same period.

The results were obtained by the Electronic Frontier Foundation, after the digital rights group filed a lawsuit under the Freedom of Information Act.

"It's clear that official Army websites are the real security problem, not blogs," said EFF staff attorney Marcia Hofmann. "Bloggers, on the whole, have been very careful and conscientious. It's a pretty major disparity."

The findings stand in stark contrast to Army statements about the risks that blogs pose.

"Some soldiers continue to post sensitive information to internet websites and blogs," then-Army Chief of Staff Peter Schoomaker wrote in a 2005 memo. "Such OPSEC (operational security) violations needlessly place lives at risk." That same year, commanders in Iraq ordered (.pdf) troops to register their blogs "with the unit chain of command."

Originally formed in 2002 to police official Defense Department websites (.mil), the Army Web Risk Assessment Cell, or AWRAC, expanded its mission in 2005. A handful of military bloggers, including then-Spec. Colby Buzzell, were seen as providing too many details of firefights in Iraq. Buzzell, for one, was banned from patrols and confined to base after one such incident, and AWRAC began looking for others like him on blogs and .com sites.

But AWRAC hunted for more than overly vivid battle descriptions. It scoured pages for all kinds of information: personal data, like home addresses and Social Security numbers; restricted and classified documents; even pictures of weapons. When these violations were found, AWRAC contacted the webmaster or blog editor, and asked that they change their sites.

"Big Brother is not watching you, but 10 members of a Virginia National Guard unit might be," an official Army news story warned bloggers.

Within the Army, some worried that the blog-monitoring had compromised AWRAC's original goal.

"My suspicion ... is that the AWRAC's attention is being diverted by the new mission of reviewing all the Army blogs," reads an e-mail (.pdf) from the office of the Army Chief Information Officer obtained in EFF's FOIA lawsuit. "In the past they did a good job of detecting and correcting (website policy compliance) violations, but that is currently not the case."

On one blog, AWRAC found photos showing bomb damage to a Humvee; on another, a description of a mountain near a base in Afghanistan; on a third, a video about "morale concerning incoming mortar." AWRAC discovered a secret presentation on the official, unclassified Army Knowledge Online network. It found a map of an Army training center in Texas on a second .mil site. A "colonel's wife's maiden name" was caught on a third.

Logged

"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

Science Daily — Terrorists and extremists have set up shop on the Internet, using it to recruit new members, spread propaganda and plan attacks across the world. The size and scope of these dark corners of the Web are vast and disturbing. But in a non-descript building in Tucson, a team of computational scientists are using the cutting-edge technology and novel new approaches to track their moves online, providing an invaluable tool in the global war on terror.

Funded by the National Science Foundation and other federal agencies, Hsinchun Chen and his Artificial Intelligence Lab at the University of Arizona have created the Dark Web project, which aims to systematically collect and analyze all terrorist-generated content on the Web.This is no small undertaking. The speed, ubiquity, and potential anonymity of Internet media--email, web sites, and Internet forums--make them ideal communication channels for militant groups and terrorist organizations. As a result, terrorists groups and their followers have created a vast presence on the Internet. A recent report estimates that there are more than 5,000 Web sites created and maintained by known international terrorist groups, including Al-Qaeda, the Iraqi insurgencies, and many home-grown terrorist cells in Europe. Many of these sites are produced in multiple languages and can be hidden within innocuous-looking Web sites.Because of its vital role in coordinating terror activities, analyzing Web content has become increasingly important to the intelligence agencies and research communities that monitor these groups, yet the sheer amount of material to be analyzed is so great that it can quickly overwhelm traditional methods of monitoring and surveillance.This is where the Dark Web project comes in. Using advanced techniques such as Web spidering, link analysis, content analysis, authorship analysis, sentiment analysis and multimedia analysis, Chen and his team can find, catalogue and analyze extremist activities online. According to Chen, scenarios involving vast amounts of information and data points are ideal challenges for computational scientists, who use the power of advanced computers and applications to find patterns and connections where humans can not.One of the tools developed by Dark Web is a technique called Writeprint, which automatically extracts thousands of multilingual, structural, and semantic features to determine who is creating 'anonymous' content online. Writeprint can look at a posting on an online bulletin board, for example, and compare it with writings found elsewhere on the Internet. By analyzing these certain features, it can determine with more than 95 percent accuracy if the author has produced other content in the past. The system can then alert analysts when the same author produces new content, as well as where on the Internet the content is being copied, linked to or discussed.Dark Web also uses complex tracking software called Web spiders to search discussion threads and other content to find the corners of the Internet where terrorist activities are taking place. But according to Chen, sometimes the terrorists fight back."They can put booby-traps in their Web forums," Chen explains, "and the spider can bring back viruses to our machines." This online cat-and-mouse game means Dark Web must be constantly vigilant against these and other counter-measures deployed by the terrorists.Despite the risks, Dark Web is producing tangible results in the global war on terror. The project team recently completed a study of online stories and videos designed to help train terrorists in how to build improvised explosive devices (IEDs). Understanding what information is being spread about IED methods and where in the world it is being downloaded can improve countermeasures that are developed to thwart them.Dark Web is also a major research testbed for understanding the propaganda, ideology, communication, fundraising, command and control, and recruitment and training of terrorist groups. The Dark Web team has used the tools at their disposal to explore the content and impact of materials relating to "virtual imams" on the Internet, as well as terrorist training and weapons manuals.Dark Web's capabilities are also being used to study the online presence of extremist groups and other social movement organizations. Chen sees applications for this Web mining approach for other academic fields."What we are doing is using this to study societal change," Chen says. "Evidence of this change is appearing online, and computational science can help other disciplines better understand this change."

Note: This story has been adapted from a news release issued by National Science Foundation.

I tried using it for a hobby I used to like and the search does seem superior to previous engines insofar as it was more relevant to my querie. Apparantly this site was leaked by a MSFT before the initial launch next week:

Kevin Kelly, The Technium (11/14/07): Last February during a break at the most recent TED conference I was speaking to Chris Anderson, current editor in chief at Wired about his planned next book, called FREE. Nearly 10 years ago I had written a chapter in my thin New Rules for the New Economy book that focused on the role of the free and the economics of plentitude. I called that chapter “Follow the Free.” Almost nothing I’ve written has been as misunderstood as this short chapter. I’ve not had a Q+A session since then without this question coming up: “You say we should embrace the free. How can everything be free?”

The truth is that the concept of the free is easily misunderstood. Thus I applaud Chris’ brilliance in devoting a whole book to unraveling the mess. There’s much to be said about it, and even then we’ll just be at the beginning of understanding what free means. I originally thought I was done with the subject 10 years ago, but the continual questions, as well as the continual evolution of the commons, new social dynamics, new technological disruptions, and further research in the decade since have surfaced some new ideas. In particular I’ve concluded the free is deeply entwined into the very foundation of technology. I was sharing some of those emerging half-baked thoughts with Chris in the lobby of TED. Since that conversation I’ve discovered that the tie between technology and the free goes even further than I thought. My current conclusion can be summarized simply: Technology wants to be free…

George Gilder once noted there was a self-reinforcing positive feedback loop in miniaturization of technology. Smaller chips ran cooler, which allowed them to run faster, which allowed them to run cooler, which allowed them to be made smaller. And so on. There is a similar self-reinforcing positive feedback loop in the free-ization of technology. Nearly-free goods permit waste and experimentation, which breed new options for that good, which increase its abundance and lower its price, which generate more new options, which permit further novelty. And so on. These loops work on each other, compounding the effects between techniques and goods, and supercharging the entire ecology of technologies with an unstoppable momentum towards the free and towards unleashing new capabilities and possibilities.

The odd thing about free technology is that the “free as in beer” part is actually a distraction. As I have argued elsewhere (see my 2002 New York Times Magazine article on the future of music for example) the great attraction of “free” music is only partially that it does not cost anything. The chief importance of free music (and other free things) is held in the second English meaning of the word: free as in “freedom.” Free music is more than piracy because the freedom in the free digital downloads suddenly allowed music lovers to do all kinds of things with this music that they had longed to do but were unable to do before things were “free.” The “free” in digital music meant the audience could unbundled it from albums, sample it, create their own playlists, embed it, share it with love, bend it, graph it in colors, twist it, mash it, carry it, squeeze it, and enliven it with new ideas. The free-ization made it liquid and ‘free” to interact with other media. In the context of this freedom, the questionable legality of its free-ness was secondary. It didn’t really matter because music had been liberated by the free, almost made into a new media.

Technology wants to be free, as in free beer, because as it become free it also increases freedom. The inherent talents, capabilities and benefits of a technology cannot be released until it is almost free. The drive toward the free unleashes the constraints on each species in the technium, allowing it to interact with as many other species of technology as is possible, engendering new hybrids and deeper ecologies of tools, and permitting human users more choices and freedoms of use. As a technology grows in abundance and cheapness, it is more likely to find its appropriate niche which it can sustain itself and support other technologies in commodity mode. As technology heads toward the free it unleashes the only lasting thing it can: options and possibilities.

But as the Internet booms and moves to the center of the global economic sphere, it draws proportional attention from politicians and regulators. In Congress and at the FCC, legislators and lawyers think they can manage overflowing Net traffic and commerce better than the network companies themselves. Next week, the FCC is meeting en banc at Harvard Law School to consider two petitions that seek to ban network "traffic management." The meeting's host, Rep. Ed Markey, has renewed his pursuit of a far-reaching Internet regulatory regime known as "net neutrality."

These regulatory efforts overlook a fundamental shift: An upsurge of technological change and a rising tide of new forms of data are deeply transforming the Internet's capabilities and uses.

The first phase of the Net was the original Arpanet research project that connected a few, and then a few thousand, scientists. The second phase brought the Internet to the masses, with the advent of the World Wide Web, the graphical browser and email in the mid-1990s. Internet traffic boomed 100-fold between 1994 and 1996. In the third phase of Net evolution, network architecture and commercial business plans reflect the dominance of rich video and interactive media traffic.

The third wave is now swelling into an exaflood, or torrent, of Internet and Internet Protocol (IP) traffic. There's YouTube, IPTV, high-definition images and "cloud computing" -- in which individuals and businesses use the centralized computing resources of Google and IBM data centers, instead of the local computing resources of their own PCs or office systems. Not to mention the ubiquitous mobile camera.

To give you an idea of the scope, an exabyte (a one-quintillion byte unit of information or computer storage) is 50,000 times larger than a digitized Library of Congress. By the end of 2006, annual U.S. Internet traffic was around 10 exabytes.

As new fiber-optic wireline and 3G wireless networks from AT&T, Verizon, Comcast, Cox and Cogent bring us real broadband for the first time, the nature and volume of Net traffic is changing dramatically. By mid-2007, Microsoft Video Calling was generating as many bytes as the entire Internet in 1997.

Cisco's newest video-conferencing system requires 15 megabits per second in each direction. A one-hour conference call could thus produce 13.5 gigabytes, which is more than a high-definition movie. Just 75 of these Cisco conference calls would equal the entire Internet traffic of the year 1990.

Netflix, which is gradually moving from the post office to the Net, last year shipped 1.8 million DVDs every day. If converted to high definition, Netflix would have mailed 5.8 exabytes of motion pictures, or almost half the size of the entire U.S. Internet of 2007.

Building on rapid advances in Nvidia and ATI graphics processors, one 3D multiplayer game (such as Second Life or World of Warcraft) with one million users could generate more than an exabyte per year of network traffic, or almost a tenth of last year's U.S. Internet volume.

In a new Discovery Institute report, we estimate that, by 2015, U.S. IP traffic will reach an annual total of 1,000 exabytes, or one million million billion bytes. The U.S. Internet will thus be 50 times larger by 2015, equal to 50 million Libraries of Congress. This will require some $100 billion in new Internet infrastructure in the U.S. over the next five years.

We need a dramatic expansion in raw capacity, or bandwidth, and also fine-grained traffic management capabilities to ensure robust service for increasingly demanding consumers. But none of this can happen if we regulate complex network traffic engineering and experimental business plans.

All networks use some form of traffic management, whether crude or complex. As our colleague Ken Ferree notes, every industry, from grocery store "express lines" to "singles" ski-lift lines, attempts to shape and manage demand. Today's communications networks buffer, label, parse, schedule, prioritize, route, switch, modify, replicate, police and meter the bits flowing through their links and nodes. New pricing schemes that charge per byte consumed might also help to manage supply and demand on the Internet.

The petitions under consideration at the FCC and in the Markey net neutrality bill would set an entirely new course for U.S. broadband policy, marking every network bit and byte for inspection, regulation and possible litigation. Every price, partnership, advertisement and experimental business plan on the Net would have to look to Washington for permission. Many would be banned. Wall Street will not deploy the needed $100 billion in risk capital if Mr. Markey, digital traffic cop, insists on policing every intersection of the Internet.

Capacious, big-bandwidth networks will transcend many of today's specific complaints. As raw capacity expands, more and more applications and users can peacefully coexist. But inevitably, sophisticated network users with innovative applications will find creative ways to push the boundaries of capacity on certain network links, and some bits will be shuffled and queued.

The network is now a global computer made up of hardware, software and human minds. But this new, fast-changing and highly organic computer is no more easily regulated than were the circuits, storage, memory and protocols of a mainframe or PC. Leaving it to Washington agencies and committees to engineer the exaflood would be an act of unimaginable folly.

Mr. Swanson is a senior fellow and director of the Center for Global Innovation at The Progress & Freedom Foundation. Mr. Gilder is a senior fellow at the Discovery Institute.

See all of today's editorials and op-eds, plus video commentary, on Opinion Journal.

Nice read, CCP on superfast internet, and good questions. I don't know about specific companies, but Gilder was onto something all along regarding exploding data traffic and network capacities. The phonyness was to take his big picture thinking and try to frame it as an investment newsletter just because those are the only newsletters that sell. Those companies needed to make continuing huge investments without corresponding cash flows and profits. It's true that the net will increase its data flow exponentially, but I doubt it's true that we will be willing to pay exponentially more for that capability.

Because I have been nearly 99% in real estate and because I was working in fiber optics and followed developments in real time, I intentionally accepted the high risk - high potential rewards offered by these companies with all my available funds prior to the tech stock crash, and lost it all. It only seemed like major losses because of the paper successes before crashing. Oh well. I'm still trying to sort out the lessons.

Web threats have risen significantly in the first quarter of 2008, with one Web page being infected every five seconds, according to a new report from security vendor Sophos.

Released Wednesday, Sophos said in its Security Threat Report that an average of over 15,000 Web pages were compromised daily between January and March.

In contrast, the daily average for the entire 2007 was about 6,000, or one infected Web page every 14 seconds.

About 79 percent of compromised Web pages tracked this year belong to legitimate Web sites, Sophos reported. The company noted that the Web sites of Fortune 500 companies, government agencies and even security vendors, have fallen prey to malware attacks.

In addition, there has been a rise in spam-related Web pages--a daily average of 23,300 such pages were tracked during the first three months of 2008. This is equivalent to one spam Web page being discovered every three seconds.

Threats circulated via e-mail, on the other hand, appeared to have cooled off during the first quarter of this year.

According to Sophos, only one in 2,500 e-mail messages contained malware--40 percent fewer than 2007, where one in 909 e-mail messages were infected.

Slightly over 92 percent of all e-mail monitored by Sophos between January and March this year were spam messages. The security vendor analyzes millions of new messages on a daily basis.

The United States remains the top contributor of spam, followed by Russia, Turkey, China including Hong Kong, and Brazil.

Logged

"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

It's only natural to think that a revolutionary communications technology like the internet will help break down barriers between people and bring the world closer together. But that's not the only scenario, or even the most likely one. The internet turns everything, from knowledge-gathering to community-building, into a series of tiny transactions - clicks - that are simple in isolation yet extraordinarily complicated in the aggregate. Research shows that very small biases, when magnified through thousands or millions or billions of choices, can turn into profound schisms. There's reason to believe, or at least to fear, that this effect, inherent in large networks, may end up turning the internet into a polarizing force rather than a unifying one.

In a 1971 article titled "Dynamic Models of Segregation," Thomas Schelling, winner of the 2005 Nobel Prize for economics, offered a fascinating reappraisal of the segregation of communities along racial lines, illustrating the way biases are magnified through a kind of network effect. If asked what lies behind racial segregation, most of us would likely point to prejudice and discrimination. But Schelling, through a simple experiment, showed that extreme segregation may have a much more innocent cause. Mark Buchanan summarized Schelling's findings in his 2002 book Nexus:

Schelling began by imagining a society in which most people truly wish to live in balanced and racially integrated communities, with just one minor stipulation: most people would prefer not to end up living in a neighborhood in which they would be in the extreme minority. A white man might have black friends and colleagues and might be happy to live in a predominantly black neighborhood. Just the same, he might prefer not to be one of the only white people living there. This attitude is hardly racist and may indeed be one that many people - black, white, Hispanic, Chinese, or what have you - share. People naturally enjoy living among others with similar tastes, backgrounds, and values.

Nevertheless, innocent individual preferences of this sort can have startling effects, as Schelling discovered by drawing a grid of squares on a piece of paper and playing an illuminating game. On his grid, he first placed at random an equal number of black and white pieces, to depict an integrated society of two races mingling uniformly. He then supposed that every piece would prefer not to live in a minority of less than, say, 30 percent. So, taking one piece at a time, Schelling checked to see if less than 30 percent of its neighbors were of the same color, and if this was the case, he let that piece migrate to the nearest open square. He then repeated this procedure over and over until finally no piece lived in a local minority of less than 30 percent. To his surprise, Schelling discovered that at this point the black and white pieces not only had become less uniformly mixed but also had come to live in entirely distinct enclaves. In other words, the slight preference of the individual to avoid an extreme minority has the paradoxical but inexorable effect of obliterating mixed communities altogether.

Buchanan sums up the lesson of Schelling's experiment: "Social realities are fashioned not only by the desires of people but also by the action of blind and more or less mechanical forces - in this case forces that can amplify slight and seemingly harmless personal preferences into dramatic and troubling consequences." (You can download a piece of Windows-only software to perform the Schelling experiment yourself.) In the real world, with its mortgages and schools and jobs and moving vans, the "mechanical forces" of segregation move fairly slowly; there are brakes on the speed with which we pull up stakes and change where we live. In internet communities, there are no such constraints. Making a community-defining decision is as simple as clicking on a link - adding a feed to your blog reader, say, or a friend to your social network. Given the presence of a slight bias to be connected to people similar to ourselves, the segregation effect would thus tend to happen much faster - and with even more extreme consequences - on the internet.

This is all theoretical, of course, but it's easy to see how it follows logically from Schelling's findings. And there is other evidence that the Internet may end up being a polarizing force. In a recent academic paper, called "Global Village or Cyber-Balkans? Modeling and Measuring the Integration of Electronic Communities," Eric Brynjolfsson, of MIT, and Marshall Van Alstyne, of Boston University, describe the results of a model that measured how individuals' online choices influence community affiliation. "Although the conventional wisdom has stressed the integrating effects of [internet] technology," they write, in introducing their study, "we examine critically the claim that a global village is the inexorable result of increased connectivity and develop a suite of formal measures to address this question."

They note that, because there are limits to how much information we can process and how many people we can communicate with (we have "bounded rationality," to use the academic jargon), we naturally have to use filters to screen out ideas and contacts. On the internet, these filters are becoming ever more sophisticated, which means we can focus our attention - and our communities - ever more precisely. "Our analysis," Brynjolfsson and Van Alstyne write, "suggests that automatic search tools and filters that route communications among people based on their views, reputations, past statements or personal characteristics are not necessarily benign in their effects." Diversity in the physical world "can give way to virtual homogeneity as specialized communities coalesce across geographic boundaries."

They stress that "balkanization" is not the only possible result of filtering. "On the other hand," they write, "preferences for broader knowledge, or even randomized information, can also be indulged. In the presence of [information technology], a taste for diverse interaction leads to greater integration – underscoring how the technology serves mainly to amplify individual preferences. IT does not predetermine one outcome." Nevertheless, they write that their model indicates, in an echo of Schelling's findings, that "other factors being equal, all that is required to reduce integration in most cases is that preferred interactions are more focused than existing interactions." If, in other words, we have even a small inclination to prefer like-minded views and people, we will tend toward creating balkanized online communities.

Such fragmentation of association tends to lead to an ever-greater polarization of thinking, which in turn can erode civic cohesiveness, as the authors explain:

With the customized access and search capabilities of IT, individuals can focus their attention on career interests, music and entertainment that already match their defined profiles, and they can arrange to read only news and analysis that align with their preferences. Individuals empowered to screen out material that does not conform to their existing preferences may form virtual cliques, insulate themselves from opposing points of view, and reinforce their biases. Authors of collaborative filtering technology have long recognized its ability to both foster tribalism as well as a global village.

Indulging these preferences can have the perverse effect of intensifying and hardening pre-existing biases. Thus people who oppose free trade are likely, after talking to one another, to oppose it more fiercely; people who fear gun control appear, after discussion, more likely to take action; and juries that want to send a message seem, after deliberation, to set higher damage awards. The reasons include information cascades and oversampled arguments. In one, an accumulating, and unchallenged, body of evidence leads members to adopt group views in lieu of their own. In the other, members of a limited argument pool are unwilling or unable to construct persuasive counterarguments that would lead to more balanced views. The effect is not merely a tendency for members to conform to the group average but a radicalization in which this average moves toward extremes.

Increasing the number of information sources available may worsen this effect, as may increasing the attention paid to these information sources ... Internet users can seek out interactions with like-minded individuals who have similar values and thus become less likely to trust important decisions to people whose values differ from their own. This voluntary balkanization and the loss of shared experiences and values may be harmful to the structure of democratic societies as well as decentralized organizations.

It's too early in the history of the internet to know whether this disturbing scenario will come to pass, a point that the authors emphasize. But we need only look at, say, the tendency toward extremism - and distrust of those holding opposing views - among the most popular political bloggers to get a sense of how balkanization and polarization can emerge in online communities. Brynjolfsson and Van Alstyne end on this note: "We can, and should, explicitly consider what we value as we shape the nature of our networks and infrastructure - with no illusions that a greater sense of community will inexorably result." Personally, I'm even more fatalistic. I'm not sure we'll be able to influence the progression of internet communities by tinkering with "our networks and infrastructure." What will happen will happen. It's written in our clicks.

Last year, Netflix published 10 million movie rankings by 500,000 customers, as part of a challenge for people to come up with better recommendation systems than the one the company was using. The data was anonymized by removing personal details and replacing names with random numbers, to protect the privacy of the recommenders.

Arvind Narayanan and Vitaly Shmatikov, researchers at the University of Texas at Austin, de-anonymized some of the Netflix data by comparing rankings and timestamps with public information in the Internet Movie Database, or IMDb.

Their research (.pdf) illustrates some inherent security problems with anonymous data, but first it's important to explain what they did and did not do.

They did not reverse the anonymity of the entire Netflix dataset. What they did was reverse the anonymity of the Netflix dataset for those sampled users who also entered some movie rankings, under their own names, in the IMDb. (While IMDb's records are public, crawling the site to get them is against the IMDb's terms of service, so the researchers used a representative few to prove their algorithm.)

The point of the research was to demonstrate how little information is required to de-anonymize information in the Netflix dataset.

On one hand, isn't that sort of obvious? The risks of anonymous databases have been written about before, such as in this 2001 paper published in an IEEE journal (.pdf). The researchers working with the anonymous Netflix data didn't painstakingly figure out people's identities -- as others did with the AOL search database last year -- they just compared it with an already identified subset of similar data: a standard data-mining technique.

But as opportunities for this kind of analysis pop up more frequently, lots of anonymous data could end up at risk.

Someone with access to an anonymous dataset of telephone records, for example, might partially de-anonymize it by correlating it with a catalog merchants' telephone order database. Or Amazon's online book reviews could be the key to partially de-anonymizing a public database of credit card purchases, or a larger database of anonymous book reviews.

Google, with its database of users' internet searches, could easily de-anonymize a public database of internet purchases, or zero in on searches of medical terms to de-anonymize a public health database. Merchants who maintain detailed customer and purchase information could use their data to partially de-anonymize any large search engine's data, if it were released in an anonymized form. A data broker holding databases of several companies might be able to de-anonymize most of the records in those databases.

What the University of Texas researchers demonstrate is that this process isn't hard, and doesn't require a lot of data. It turns out that if you eliminate the top 100 movies everyone watches, our movie-watching habits are all pretty individual. This would certainly hold true for our book reading habits, our internet shopping habits, our telephone habits and our web searching habits.

The obvious countermeasures for this are, sadly, inadequate. Netflix could have randomized its dataset by removing a subset of the data, changing the timestamps or adding deliberate errors into the unique ID numbers it used to replace the names. It turns out, though, that this only makes the problem slightly harder. Narayanan's and Shmatikov's de-anonymization algorithm is surprisingly robust, and works with partial data, data that has been perturbed, even data with errors in it.

With only eight movie ratings (of which two may be completely wrong), and dates that may be up to two weeks in error, they can uniquely identify 99 percent of the records in the dataset. After that, all they need is a little bit of identifiable data: from the IMDb, from your blog, from anywhere. The moral is that it takes only a small named database for someone to pry the anonymity off a much larger anonymous database.

Other research reaches the same conclusion. Using public anonymous data from the 1990 census, Latanya Sweeney found that 87 percent of the population in the United States, 216 million of 248 million, could likely be uniquely identified by their five-digit ZIP code, combined with their gender and date of birth. About half of the U.S. population is likely identifiable by gender, date of birth and the city, town or municipality in which the person resides. Expanding the geographic scope to an entire county reduces that to a still-significant 18 percent. "In general," the researchers wrote, "few characteristics are needed to uniquely identify a person."

Stanford University researchers (.pdf) reported similar results using 2000 census data. It turns out that date of birth, which (unlike birthday month and day alone) sorts people into thousands of different buckets, is incredibly valuable in disambiguating people.

This has profound implications for releasing anonymous data. On one hand, anonymous data is an enormous boon for researchers -- AOL did a good thing when it released its anonymous dataset for research purposes, and it's sad that the CTO resigned and an entire research team was fired after the public outcry. Large anonymous databases of medical data are enormously valuable to society: for large-scale pharmacology studies, long-term follow-up studies and so on. Even anonymous telephone data makes for fascinating research.

On the other hand, in the age of wholesale surveillance, where everyone collects data on us all the time, anonymization is very fragile and riskier than it initially seems.

Like everything else in security, anonymity systems shouldn't be fielded before being subjected to adversarial attacks. We all know that it's folly to implement a cryptographic system before it's rigorously attacked; why should we expect anonymity systems to be any different? And, like everything else in security, anonymity is a trade-off. There are benefits, and there are corresponding risks.

Narayanan and Shmatikov are currently working on developing algorithms and techniques that enable the secure release of anonymous datasets like Netflix's. That's a research result we can all benefit from.

When he becomes president, Barack Obama will have to give up his BlackBerry. Aides are concerned that his unofficial conversations would become part of the presidential record, subject to subpoena and eventually made public as part of the country's historical record.

This reality of the information age might be particularly stark for the president, but it's no less true for all of us. Conversation used to be ephemeral. Whether face-to-face or by phone, we could be reasonably sure that what we said disappeared as soon as we said it. Organized crime bosses worried about phone taps and room bugs, but that was the exception. Privacy was just assumed.

This has changed. We chat in e-mail, over SMS and IM, and on social networking websites like Facebook, MySpace, and LiveJournal. We blog and we Twitter. These conversations -- with friends, lovers, colleagues, members of our cabinet -- are not ephemeral; they leave their own electronic trails.

We know this intellectually, but we haven't truly internalized it. We type on, engrossed in conversation, forgetting we're being recorded and those recordings might come back to haunt us later.

Oliver North learned this, way back in 1987, when messages he thought he had deleted were saved by the White House PROFS system, and then subpoenaed in the Iran-Contra affair. Bill Gates learned this in 1998 when his conversational e-mails were provided to opposing counsel as part of the antitrust litigation discovery process. Mark Foley learned this in 2006 when his instant messages were saved and made public by the underage men he talked to. Paris Hilton learned this in 2005 when her cell phone account was hacked, and Sarah Palin learned it earlier this year when her Yahoo e-mail account was hacked. Someone in George W. Bush's administration learned this, and millions of e-mails went mysteriously and conveniently missing.

Ephemeral conversation is dying.

Cardinal Richelieu famously said, :If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged." When all our ephemeral conversations can be saved for later examination, different rules have to apply. Conversation is not the same thing as correspondence. Words uttered in haste over morning coffee, whether spoken in a coffee shop or thumbed on a Blackberry, are not official pronouncements. Discussions in a meeting, whether held in a boardroom or a chat room, are not the same as answers at a press conference. And privacy isn't just about having something to hide; it has enormous value to democracy, liberty, and our basic humanity.

We can't turn back technology; electronic communications are here to stay and even our voice conversations are threatened. But as technology makes our conversations less ephemeral, we need laws to step in and safeguard ephemeral conversation. We need a comprehensive data privacy law, protecting our data and communications regardless of where it is stored or how it is processed. We need laws forcing companies to keep it private and delete it as soon as it is no longer needed. Laws requiring ISPs to store e-mails and other personal communications are exactly what we don't need.

Rules pertaining to government need to be different, because of the power differential. Subjecting the president's communications to eventual public review increases liberty because it reduces the government's power with respect to the people. Subjecting our communications to government review decreases liberty because it reduces our power with respect to the government. The president, as well as other members of government, need some ability to converse ephemerally -- just as they're allowed to have unrecorded meetings and phone calls -- but more of their actions need to be subject to public scrutiny.

But laws can only go so far. Law or no law, when something is made public it's too late. And many of us like having complete records of all our e-mail at our fingertips; it's like our offline brains.

In the end, this is cultural.

The Internet is the greatest generation gap since rock and roll. We're now witnessing one aspect of that generation gap: the younger generation chats digitally, and the older generation treats those chats as written correspondence. Until our CEOs blog, our Congressmen Twitter, and our world leaders send each other LOLcats – until we have a Presidential election where both candidates have a complete history on social networking sites from before they were teenagers– we aren't fully an information age society.

When everyone leaves a public digital trail of their personal thoughts since birth, no one will think twice about it being there. Obama might be on the younger side of the generation gap, but the rules he's operating under were written by the older side. It will take another generation before society's tolerance for digital ephemera changes.

This essay previously appeared on The Wall Street Journal website (not the print newspaper), and is an update of something I wrote previously

I wonder why if he is so sure it is the press and he knows who it is he doesn't peess charges. I suspect he doesn't know for sure or he doesn't have proof like he claims. I have known for years that the entertainment industry puts tracking devices on vehicles. I have been tracked and it is obvious they have a GPS devise or some other device somewhere. Try finding it. For all I know they simply bribe someone at the dealership to put it in somewhere while my car is getting repairs.

If cowell had proof of who it was he would be pressing charges for what is jail time offense.

Simon Cowell: photographers and journalists have been told not to pursue the reality show judge. Photograph: Stewart Cook/Rex Features

Lawyers acting for The X Factor judge Simon Cowell have warned UK newspapers not to harass their client after a tracking device was allegedly found attached to his Rolls Royce last week.

Law firm Carter-Ruck sent the warning letter to national newspapers on Friday after consulting with the presenter's publicist, Max Clifford, who told MediaGuardian.co.uk that "enough is enough".

According to Clifford, the letter pointed out that the use of a tracking device is illegal and could lead to prosecution.

He added that the identity of the journalist who allegedly attached the device is known to him and the individual concerned has been approached.

"We now who he is and we have marked his card and told him to never do anything like that again," Clifford said.

"We have always played the game and we are not precious but this is way beyond anything acceptable. So Carter-Ruck has sent a letter out to everybody warning them about this and making clear that it is unacceptable," he added.

"Simon has been putting up with this for seven years, with people approaching him at all hours and we know that we have got to have working relationships with the papers but within acceptable boundaries."

The letter also asked photographers and journalists not to pursue Cowell, place him under surveillance or photograph him in places where he has a reasonable expectation of privacy, including leaving or entering his home, Clifford said.

Asked if his client was upset about the alleged intrusion, Clifford added: "Simon is not getting stressed and not making a big drama about it but you know the game and he knows the game."***

********************************************************************************************************************What is twitter?Twitter is a social networking and micro-blogging service that allows its users to send and read other users' updates (known as tweets), which are text-based posts of up to 140 characters in length. Updates are displayed on the user's profile page and delivered to other users who have signed up to receive them. Senders can restrict delivery to those in their circle of friends (delivery to everyone being the default). Users can send and receive updates via the Twitter website, SMS, RSS (receive only), or through applications such as Tweetie, Twitterrific, and Feedalizr. The service is free to use over the web, but using SMS may incur phone services provider fees.********************************************************************************************************************

Twitter is huge, my GF has been using this for a while initially i thought it was .. well. Stupid but now Im a user. LOL.

Many people use it even celebrities, news stations and the president.

A variety people use it to connect and share information.

This is a guest post by Straight to the Bar's Scott Bird. Strength, Nutrition and Conditioning on Twitter.

Just joined twitter and wondering what to do, who to follow? Here are just a few strength athletes, nutritionists and serious fitness enthusiasts to add to your list. To follow any of them, simply open the link in a new tab and click the 'follow' button near the top of the page. If you'd like to add someone that we've missed (whether it's you, or just someone you enjoy reading), leave a note in the comments. The more the merrier. NB : if you're looking for somewhere to start, (and to find out more about the people on this list), why not tune in to the weekly twitterchats on Straight to the Bar. Each Wednesday, a top strength athlete or coach will be available online for an hour of serious questioning. Great chance to chat about strength training.Grip training

Scott Bird is the editor of strength-training site Straight to the Bar, and all-around fitness enthusiast. When he's not in the kitchen stuffing his face, he can generally be found engaging in cruel and unusual punishment in the backyard.

"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

Another use of Twitter and iPhone. This is actually pretty cool, when the power went out on the island of Oahu many people still had use of their iPhone and so we twittered. Checkit out - http://search.twitter.com/search?q=%23hipower

Anyway, we have added extra batteries to our emergency preparedness kit for the iPhone.

In a bittersweet conclusion, a missing skier in the Swiss Alps was rescued with the help of Twitter and an iPhone, but it appears that his fellow skiing companion was found deceased after the two were separated from the rest of their group.

Tracking Twitter search for the term "verbier" (the region of the Alps where the two went missing) has brought much of the news together.

Blogger Robin Blandford of ByteSurgery.com rounded up some of the messages: one member of the ski trip Twittered that two members of the group were missing, and another posted a tweet requesting the cell phone numbers of the missing skiers to attempt to contact them. From what it looks like, the GPS coordinates of their iPhones were used to pinpoint their location, but when one of them was found alive, he had become separated from his companion.

The Swiss news source Le Nouvelliste reported on Tuesday that, unfortunately, the second skier had been found deceased.

Blandford updated his blog post to say that the two skiers worked for a start-up called Dolphin Music, and that a number of other tech entrepreneurs were in the same British ski group.

UPDATE at 8:53 a.m. PST: We have more information, and in English now, thanks to the U.K.-based Evening Standard. The two missing skiers were actually on snowboards, and have been identified as Jason Tavaria and Rob Williams, the 29-year-old co-founders of Dolphin Music.

Tavaria was found alive after he was located with GPS on his iPhone, but Williams was found dead, and according to the Evening Standard, had fallen about 66 feet and landed on rocks.

Blizzard conditions at Verbier had made the search and rescue process difficult.

Logged

"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

Twitterfall: A New Twitter Tool for JournalistsPosted by Paul Bradshaw at 12:21 PM on Mar. 2, 2009A new Twitter interface application, Twitterfall, has been around for a month now. If you're a journalist, this is a must-see -- for about 10 minutes. Then it becomes a must-use.

Yes, this is yet another Twitter interface. But: This is Twitter on crack ... on roller skates ... in a jumpsuit.

Here's what Twitterfall does:

* Scanning. You can choose to watch everyone's tweets go by, or log in to watch only the tweets of those you follow. Thanks to Comet technology, Twitterfall has an especially fast search service. You can alter the speed from 0.3 tweets per second to a mind-scrambling 10 tweets per second.

* Keyword tracking. You can see the most popular terms of the moment, and just follow tweets containing those keywords (including hashtags). Or you can enter your own search term (as on the Web-based Twitter service Monitter) to track tweets mentioning it. You can combine keywords, too.

* Geo-filtering. You can enter a location to narrow down your display to tweets from that location that also mention keywords you choose (again as with Monitter). The words Mumbai and Chengdu come to mind.

* Basic usability. Unlike Monitter, you can use Twitterfall to post tweets yourself, reply to tweets and mark tweets as favorites. Just hovering over a tweet pauses the whole thing. You can also follow a user with one click -- a feature some popular clients like Tweetdeck lack. You can filter by language and choose to exclude retweets. You can save favorite searches. And you can customize the appearance of the interface, including the font size.

This is quite simply the best-designed Twitter interface I've ever seen -- and I have seen a lot of them.

If they ever create a mobile version of it (and it does sort of work on an iPod Touch/iPhone) I'll probably explode.

The fact that it was made by two students in York, U.K. also pleases me no end. You've just saved me 30 minutes every week convincing newspaper editors where the value lies in using Twitter, so thank you.

Logged

"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

I have question about Twitter for anyone who uses it. Can you have the tweets forwarded to your phone as txt msgs? There are a few I'd like to follow but I don't sit at a computer all day. Since I have unltd msg, I thought it would be a good way to use twitter.

I have question about Twitter for anyone who uses it. Can you have the tweets forwarded to your phone as txt msgs? There are a few I'd like to follow but I don't sit at a computer all day. Since I have unltd msg, I thought it would be a good way to use twitter.

Yes, If you are a member you can set it up send you txt messages.

Logged

"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

True. The cool thing about it that during the power outage earlier this year, people were twittering what was going on in their area as well as what time power was restored to each part of the island.

Logged

"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed